[xmlsec] RE: Need urgent help for verify

Aleksey Sanin aleksey at aleksey.com
Wed May 31 08:54:26 PDT 2006



> I would wager, but Alexsey is the expert, that it might be a good idea 
> to ignore the KeyName if an X509Certificate is present when Verifying. 
> After all the reason it got there in the first place is that it was used 
> to select the cert/key when you originally signed it with xmlsec and is 
> left over from the sign operation. It will verify fine if you manually 
> remove the KeyName. Comments Alexsey ? 

Well, when you verify a signature, you have to find a key. If both
KeyName and Certificate are present then you have to try both since
you don't know which one will work....


Aleksey




More information about the xmlsec mailing list