[xmlsec] xmlSecMSCryptoX509StoreConstructCertsChain

Aleksey Sanin aleksey at aleksey.com
Tue Dec 20 10:51:31 PST 2005


I am probably missing something but I don't see how this patch
solves the CRL issue. It seems to me that it does exactly
the same thing as before.

I would think that the right approach would be to modify
the xmlSecBuildChainUsingWinapi() function to return not the
yes/no (error code) but the certificate it finds. Then
the existing logic can be applied to this certificate
"as-is". Then it might be a good idea to add to the
xmlSecMSCryptoX509StoreConstructCertsChain() function
extra code to check the revocation list in the Windows storage
(right now it does the CRL check only for CRLs in the XML
document itself). After making these two changes, the
code would do both chain creation and CRL verification
against both: certs/crls in the XML document and certs/crls
in the MSCrypto storage.

Aleksey



