[xmlsec] Fwd: Use of full DistinguishedName in KeyName
Si St
sigbj-st at operamail.com
Mon Oct 24 03:52:39 PDT 2011
Excuse my interruption here,
but where is xmlsec1 searching to find the key in reference to
the <KeyName/>? Where should the key/cert be placed so that
xmlsec1 can find it (f.ex. among other keys)? Any specific
directory? Remenber that xmlsec1 is /usr/local/bin/xmlsec1 with
me, and I wonder where the program will search. In my particular
case we are dealing with --crypto openssl
--
Si St
[1]sigbj-st at operamail.com
On Wednesday, October 19, 2011 9:33 PM, "EdShallow"
<ed.shallow at gmail.com> wrote:
OK, here is how it works with mscrypto and xmlsec 1.2.18
Example 1:
<KeyName>CA, GC, PWGSC-TPSGC, "Ed Shallow"</KeyName>
Example 2 with a special character:
<KeyName>CA, GC, PWGSC-TPSGC, "Shallow, Ed"</KeyName>
In other words, do not use the sub-type qualifiers in the DN
string i.e. cn= ou= o= c=
Order is also important.
Cheers,
Ed
On Wed, Oct 19, 2011 at 7:38 PM, EdShallow
<[2]ed.shallow at gmail.com> wrote:
OK. Give me a day or so and I will check the source to see if
anything has changed in the CAPI calls.
On Oct 19, 2011 7:29 PM, "Aleksey Sanin" <[3]aleksey at aleksey.com>
wrote:
Not that I am aware of.
Aleksey
On 10/19/11 2:02 PM, EdShallow wrote:
. . . sorry forgot to mention, this behavior is with mscrypto
Ed
---------- Forwarded message ----------
From: "EdShallow" <[4]ed.shallow at gmail.com
<mailto:[5]ed.shallow at gmail.com>>
Date: Oct 19, 2011 3:55 PM
Subject: Use of full DistinguishedName in KeyName
To: "[6]xmlsec at aleksey.com <mailto:[7]xmlsec at aleksey.com>"
<[8]xmlsec at aleksey.com
<mailto:[9]xmlsec at aleksey.com>>
Hi Aleksey,
Use of full DN in KeyName template element used to work in
oldwr
versions of xmlsec.
As of 1.2.18 I can only get CommonName to work.
Example:
This works
<KeyName>Shallow Ed</KeyName>
This does not:
<KeyName>cn=Shallow Ed,ou=finance,o=acme,c=ca</KeyName>
I receive an "Object or property cannot be found" message.
Are there any constraints for naming?
Ed
_______________________________________________
xmlsec mailing list
[10]xmlsec at aleksey.com
[11]http://www.aleksey.com/mailman/listinfo/xmlsec
--
Ed's Contact Information:
Mobile Phone: 613-852-6410
Gmail: [12]ed.shallow at gmail.com
VOIP Address: [13]107529 at sip.ca1.voip.ms
VOIP DID#: 613-458-5004
Skype ID: edward.shallow
Home Phone: 613-482-2090
_______________________________________________
xmlsec mailing list
xmlsec at aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
References
1. mailto:sigbj-st at operamail.com
2. mailto:ed.shallow at gmail.com
3. mailto:aleksey at aleksey.com
4. mailto:ed.shallow at gmail.com
5. mailto:ed.shallow at gmail.com
6. mailto:xmlsec at aleksey.com
7. mailto:xmlsec at aleksey.com
8. mailto:xmlsec at aleksey.com
9. mailto:xmlsec at aleksey.com
10. mailto:xmlsec at aleksey.com
11. http://www.aleksey.com/mailman/listinfo/xmlsec
12. mailto:ed.shallow at gmail.com
13. mailto:107529 at sip.ca1.voip.ms
--
http://www.fastmail.fm - Email service worth paying for. Try it for free
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20111024/660e696a/attachment.html>
More information about the xmlsec
mailing list