[xmlsec] xmlSecMSCryptoX509StoreConstructCertsChain
Wouter Ketting
wsh at xs4all.nl
Tue Dec 13 04:17:45 PST 2005
>
> MSDN contains an article describing HMAC calculation.
>
> Whether you have implemented a significant part of xmlsec-mscrypto, can
> you explain to me why the Win32 API function for building the chain, as I
> suggest in the patch, was not used (possibly with #ifdef)? And what is really done in
> xmlSecMSCryptoX509StoreInitialize, I don't understand this function at
> all...
>
I'm not sure anymore why Certificate Chain validation functions of MS
weren't used. I think there were some issues to get it working properly
in this context... but perhaps that was more due to my lack of
experience in using these functions. I'm not sure if anyone else tried
this as well.
The certificate validation as it is now was added later, I think. Looking
at the code it seems that 2 (trusted and untrusted) memory-based
certificate stores are created for keeping trusted and untrusted certs,
used during certificate validation. The stores are added to a store
collection. The store collection can be extended with extra
key/certstores (see xmlSecMSCryptoX509StoreAdoptKeyStore).
Wouter