[xmlsec] FW: Valid To has passed
Aleksey Sanin
aleksey at aleksey.com
Thu Sep 6 14:16:47 PDT 2007
> I would prefer that the sign fail if the key is expired. This is how the
> other CAPI desktop products work.
Aha! Well, I know what happens. The xmlsec performs search for the key
using all the available information. In your case, it finds the key by
the *KeyName* before it tries to search for the certificate. And,
MSCrypto happily returns xmlsec the key w/o checking for certificate
validity.
Honestly, I don't know what can be done here. I think the simplest
way is to disable search by key and search by certificate only as I
described.
Aleksey
More information about the xmlsec
mailing list