[xmlsec] xmlSecMSCryptoX509StoreConstructCertsChain

Wouter Ketting wsh at xs4all.nl
Tue Dec 13 04:17:45 PST 2005


> 
> MSDN contains an article describing HMAC calculation.
> 
> Whether you have implemenetd a significant part of xmlsec-mscrypto, can
> you explain me why Win32 API function for building chain as I suggest in
> patch was not used (possibly with #ifdef)? And what is really done in
> xmlSecMSCryptoX509StoreInitialize, I don't understand this function at
> all...
> 

I'm not sure anymore why Certificate Chain validation functions of MS 
weren't used. I think there were some issues to get it working properly 
in this context... but perhaps that was more due to my lack of 
experience in using these functions. I'm not sure if anyone else tried 
this as well.

The certificate validation as it is now is added later, I think. Looking 
at the code it seems that 2 (trusted and untrusted) memory based 
certificate stores are created for keeping trusted and untrusted certs, 
used during certificate validation. The stores are added to a store 
collection. The store collection can be extended with extra 
key/certstores (see xmlSecMSCryptoX509StoreAdoptKeyStore).

Wouter


More information about the xmlsec mailing list