[xmlsec] RE: Need urgent help for verify
Aleksey Sanin
aleksey at aleksey.com
Wed May 31 08:54:26 PDT 2006
> I would wager, but Alexsey is the expert, that it might be a good idea
> to ignore the KeyName if an X509Certificate is present when Verifying.
> After all the reason it got there in the first place is that it was used
> to select the cert/key when you originally signed it with xmlsec and is
> left over from the sign operation. It will verify fine if you manually
> remove the KeyName. Comments Alexsey ?
Well, when you verify a signature, you have to find a key. If both
KeyName and Certificate are present then you have to try both since
you don't know which one will work....
Aleksey
More information about the xmlsec
mailing list