[Bulk] Re: [Bulk] Re: [xmlsec] Verify - OpenSSL vs mscrypto
Edward Shallow
ed.shallow at rogers.com
Wed Jan 11 11:20:34 PST 2006

Aleksey wrote ...

I do believe that the xmlsec-mscrypto code *does* build the chain and it
*does* verify it against the "trusted" certificates installed by the app.
With Dmitry's patch, xmlsec-mscrypto *also* uses trusted certificates from
the MSCrypto certificates store.

Yes, this is what I thought too. But my test on 1.2.8 (shown in previous post
and included below) never checks whether I load the trusted certs or not ???
2nd last line.

I don't mind waiting for Dmitry's patch, I was just trying to get it going
now.

Ed

xmlsec.xmlSecInit()
xmlsec.xmlSecCryptoDLInit()
xmlsec.xmlSecCryptoDLLoadLibrary('mscrypto')
xmlsec.xmlSecCryptoAppInit('MY')
xmlsec.xmlSecCryptoInit()
parsedDoc = libxml2.xmlParseFile('c:/xmlsec/inout/edsigned-enveloped.xml')
trustedDer = 'c:/xmlsec/keys/cacert.der'  # <=== trusted root in der format
rootNode = libxml2.xmlDocGetRootElement(parsedDoc)
sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature',
                                'http://www.w3.org/2000/09/xmldsig#')
keysMngr = xmlsec.xmlSecKeysMngrCreate()
xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
dsigCtx = xmlsec.xmlSecDSigCtxCreate()
xmlsec.xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
# 3 = xmlSecKeyDataFormatDer, 256 (0x0100) = xmlSecKeyDataTypeTrusted
xmlsec.xmlSecCryptoAppKeysMngrCertLoad(keysMngr, trustedDer, 3, 256)  # <=== load trusted root
xmlsec.xmlSecDSigCtxVerify(dsigCtx, sigNode)