[xmlsec] FW: Valid To has passed
Ed Shallow
ed.shallow at rogers.com
Mon Sep 3 18:09:36 PDT 2007
Specifics of the problem as you requested ...
- running patched xmlsec 1.2.10 on Windows (see re-post from me above)
- using command line utility with options as follows:
xmlsec sign --crypto mscrypto --output inout/edsigned-enveloped-Entrust.xml
tmpl/tmpl-EPM-sign-enveloped-Entrust.xml
xmlsec verify --crypto mscrypto inout/edsigned-enveloped-Entrust.xml
- the Entrust key-pair and certificate are loaded into the Microsoft Crypto
Store and XMLSec is retrieving them based on the template
- the resultant signature (also attached) verifies sucessfully even though
the certificate expired on August 31, 2007
I have not attempted to re-create this outside of --mscrypto yet
Any ideas ?
Ed
-----Original Message-----
From: Ed Shallow [mailto:ed.shallow at rogers.com]
Sent: Saturday, September 01, 2007 9:58 AM
To: 'xmlsec at aleksey.com'
Subject: Valid To has passed
Ho Aleksey,
I just noticed that I am still able to sign --mscrypto with an expired
certificate. Additionally it verifies successfully as well. Is this normal?
In the template can I force creation of the ValidFrom and ValidTo nodes?
Thanks,
Ed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tmpl-EPM-sign-enveloped-Entrust.xml
Type: text/xml
Size: 1499 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20070903/81a8911e/tmpl-EPM-sign-enveloped-Entrust-0002.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edsigned-enveloped-Entrust.xml
Type: text/xml
Size: 3017 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20070903/81a8911e/edsigned-enveloped-Entrust-0002.xml
More information about the xmlsec
mailing list