[xmlsec] Re: GOST support in xmlsec

Aleksey Sanin aleksey at aleksey.com
Sun Feb 19 09:46:08 PST 2006


> I have thought some more time :-) and now I see I don't understand where
> the last patch breaks backward compatibility. If key manager is not
> empty, the last patch I've submitted is equal to 1.2.9 behaviour...

Think about the following situation:
1) Keys Manager has trusted certs but none of them can be used to
construct the chain for certs in the document.
2) System store *does* have the trusted cert to construct the chain
for certs in the document.

In this case, with your original patch we would never look at system
certs thus returning "not found". In the old code and with the
modifications I made, we would look at both key manager's and system
certs. And we will return the key.

Aleksey






More information about the xmlsec mailing list