Re: [xmlsec] Trusted certs directory

Aleksey Sanin Mon, 14 Aug 2006 09:21:16 -0700

Hm... Yes you are right! Sorry, I forgot about this. If you use
OpenSSL then the "config" parameter is pointing to the folder
with trusted certs (see xmlSecOpenSSLSetDefaultTrustedCertsFolder
function).


Do you have any errors from xmlsec? Can you put a breakpoint
in xmlSecOpenSSLX509StoreInitialize() function on this line:

    path = xmlSecOpenSSLGetDefaultTrustedCertsFolder();
    if(path != NULL) {
        X509_LOOKUP *lookup = NULL;
        
        lookup = X509_STORE_add_lookup(ctx->xst,
                         X509_LOOKUP_hash_dir());
        if(lookup == NULL) {
           ...
        }
        X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_DEFAULT);
    }


and then trace down if 1) you have correct value in "path" and
2) X509_LOOKUP_add_dir() succeeds? BTW, there is a small bug in this
code... I need to check the return value from X509_LOOKUP_add_dir()
and report an error if needed. I'll fix it tonight.

Aleksey
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec

Re: [xmlsec] Trusted certs directory

Reply via email to