[xmlsec] xmlSecMSCryptoX509StoreConstructCertsChain

Dmitry Belyavsky beldmit at cryptocom.ru
Wed Dec 14 00:54:04 PST 2005


Greetings!

On Tue, 13 Dec 2005, Aleksey Sanin wrote:

>
> > I'm not sure anymore why Certificate Chain validation functions of MS
> > weren't used. I think there were some issues to get it working properly in
> > this context... but perhaps that was more due to my lack of experience in
> > using these functions. I'm not sure if anyone else tried this as well.
> >
>
> Great! Dmitry, if you can review your patch and make sure that there
> are no regressions in the xmlsec unit test then I'll be happy to check
> it in :)

Aleksey, I'm not sure that there are no regressions in the xmlsec unit
test after applying my patch but I'm sure the results are similar for
both the original code and the patched code. As I've written, all the
hmac tests failed for both the original and the patched code. I'll be
pleased if anybody else checks my patch.

I'm not sure the patch is applicable "as is". First of all, the function
I suggest should be renamed :-).

Then, for example, some chain check results should be processed more
individually. It seems to me it would be useful to allow setting an
application-level callback in order to process the check result and/or
the check info status, but I don't understand how to set such a
callback.

Should I repost the patch?

Thank you!

-- 
SY, Dmitry Belyavsky (ICQ UIN 11116575)




More information about the xmlsec mailing list