[xmlsec] Loading publickeys from KeyInfo/X509Data

Aleksey Sanin aleksey at aleksey.com
Wed Feb 10 10:09:35 PST 2010


This is exactly the point: it is hard to do in the
"generic" case. I hear you and I understand your pain,
but I also want to have a solution for a generic library.


Aleksey

On 2/10/2010 9:36 AM, Benjamin Dauvergne wrote:
> Aleksey Sanin wrote:
>> Right. There is a problem that the DONT_VERIFY_CERTS
>> flag disables both certs verification and key extraction.
>>
>> The problem is that w/o verification you can't build certs
>> chain and you don't know which certificate is the "top" one
>> to use for key extraction.
> But if there is only one certificate (99,9% of our cases ;) ) it's easy.
> And what happens if you have two valid certificates but not related (not
> in child/parent relation)? From which one do you take the key?
>
> Would special casing for lone certificates with a warning in other cases
> be acceptable?
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
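
The selection problem discussed in this thread (a lone certificate is easy, two unrelated certificates are ambiguous), sketched as an added example; it is not xmlsec code and not from either poster. `cert_names`, `pick_leaf` and the sample names are hypothetical and constructed, and matching issuer to subject names is not verification, so a key chosen this way is still untrusted.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one parsed certificate: only the two names used here. */
typedef struct { const char *subject; const char *issuer; } cert_names;

enum { LEAF_NONE = -1, LEAF_AMBIGUOUS = -2 };

/* Return the index of the only certificate that is not named as issuer by
 * another certificate in the set, or LEAF_NONE / LEAF_AMBIGUOUS.
 * Name matching only: no signature, validity or trust check is done. */
int pick_leaf(const cert_names *certs, int n)
{
    int leaf = LEAF_NONE;
    for (int i = 0; i < n; i++) {
        int issues_other = 0;
        for (int j = 0; j < n && !issues_other; j++)
            if (j != i && strcmp(certs[j].issuer, certs[i].subject) == 0)
                issues_other = 1;
        if (issues_other)
            continue;               /* a CA for something in the set */
        if (leaf != LEAF_NONE)
            return LEAF_AMBIGUOUS;  /* second candidate: refuse to guess */
        leaf = i;
    }
    return leaf;
}

/* Constructed samples; X509Data order is not assumed to be leaf-first. */
static const cert_names sample_lone[] = { { "CN=idp.example", "CN=Example CA" } };
static const cert_names sample_chain[] = {
    { "CN=Example Root", "CN=Example Root" },
    { "CN=Example CA",   "CN=Example Root" },
    { "CN=idp.example",  "CN=Example CA"   },
};
static const cert_names sample_unrelated[] = {
    { "CN=idp.example",   "CN=Example CA" },
    { "CN=other.example", "CN=Other CA"   },
};

int main(void)
{
    printf("lone=%d chain=%d unrelated=%d\n",
           pick_leaf(sample_lone, 1), pick_leaf(sample_chain, 3),
           pick_leaf(sample_unrelated, 2));
    return 0;
}
```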

