xmlsec loads trusted certs from the default
crypto-specific storage (e.g. root certs folder
for openssl, nss certs db for NSS, etc.)
Aleksey
Jim Nutt wrote:
Do I need to load the trusted roots manually (does the xmlsec utility?)?
If that's the case, that may be why xmlsec will verify it but my code
won't, it doesn't load the root certificates. I'll give that a try.
On Dec 4, 2007 8:19 PM, Aleksey Sanin <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Yes, it will get a key from the certificate! You need a trusted
certificate (e.g. root CA certificate) to have the certificate
in the signature verified.
Aleksey
Jim Nutt wrote:
> Ok, a bit more info. The xmlsec utility will verify the signature
> without being passed the pem file separately, so it apparently is
able
> to suck the key from the signature. I'm trying to create a
minimal size
> code set that demonstrates the problem, I'll post that when I
have it.
>
--
Jim Nutt
http://jim.nuttz.org
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
