[xmlsec] Trusted certs directory
Aleksey Sanin
aleksey at aleksey.com
Mon Aug 14 09:21:01 PDT 2006
Hm... Yes you are right! Sorry, I forgot about this. If you use
OpenSSL then the "config" parameter is pointing to the folder
with trusted certs (see xmlSecOpenSSLSetDefaultTrustedCertsFolder
function).
Do you have any errors from xmlsec? Can you put a breakpoint
in xmlSecOpenSSLX509StoreInitialize() function on this line:
path = xmlSecOpenSSLGetDefaultTrustedCertsFolder();
if(path != NULL) {
X509_LOOKUP *lookup = NULL;
lookup = X509_STORE_add_lookup(ctx->xst,
X509_LOOKUP_hash_dir());
if(lookup == NULL) {
...
}
X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_DEFAULT);
}
and then trace down if 1) you have correct value in "path" and
2) X509_LOOKUP_add_dir() succeeds? BTW, there is a small bug in this
code... I need to check the return value from X509_LOOKUP_add_dir()
and report an error if needed. I'll fix it tonight.
Aleksey
More information about the xmlsec
mailing list