I would prefer that the sign fail if the key is expired. This is how the
other CAPI desktop products work.
Aha! Well, I know what happens. The xmlsec performs search for the key
using all the available information. In your case, it finds the key by
the *KeyName* before it tries to search for the certificate. And,
MSCrypto happily returns xmlsec the key w/o checking for certificate
validity.
Honestly, I don't know what can be done here. I think the simplest
way is to disable search by key and search by certificate only as I
described.
Aleksey
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
