[Bulk] Re: [Bulk] Re: [xmlsec] OpenSSL vs mscrypto

Edward Shallow ed.shallow at rogers.com
Thu Jan 12 22:32:18 PST 2006


Yes of course I get a match on "Test User 1" and everything works. The point
is "It shouldn't work". When I do not load --trusted-der it should not work,
and it does. Meaning "No cert chain checking".

It is impossible for your script to work without loading "Test User 1" into
the 'MY' store. In fact the command line utility defaults to 'MY' so you
have to put it there. If you are using my signed document it contains
<dsig:KeyName>. You said you are not using --enabled-key-data so standard
processing in mscrypto will try to find "Test User 1" no matter what.

There is nothing tricky about my setup, it passes all your test suite
perfectly.

I am puzzled at your explanation?

Ed 





As I wrote, I *did not* use this option in my test. What your results show
is exactly what I already explained to you: the key w/o
"--enabled-key-data retrieval-method,x509,raw-x509-cert"
is searched by key name and you have a match in your MS Crypto store.

Aleksey


_______________________________________________
xmlsec mailing list
xmlsec at aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec




