[xmlsec] clarification on openssl verification

John Crowley johncrowley at aol.com
Thu Sep 21 09:27:05 PDT 2006


Nevermind, we figured it out.

On Sep 21, 2006, at 10:28 AM, John Crowley wrote:

> xmlSecOpenSSLKeyDataX509VerifyAndExtractKey() checks keyInfoCtx- 
> >flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT to  
> determine whether to report error if part of a chain is missing.   
> We're testing a self-signed cert and erroneously had something  
> missing but xmlsec proceeded without error.
>
> I can't find where xmlsec actually sets such a flag.
>
> Thanks
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec






More information about the xmlsec mailing list