Hi, I'm continuing to dig into the anonymous PKINIT code to try to get certificate validation working. I've run into an issue with the way certificates are marshalled to the Kerby Certificate type and back again. See the following @Ignore'd simple test:
https://git1-us-west.apache.org/repos/asf?p=directory-kerby.git;a=commit;h=88a7c956 It just reads in an X.509Certificate, marshalls it as a org.apache.kerby.x509.type.Certificate type, and then back again, and checks the byte arrays. However the test for equality fails - the two byte arrays are different. Any idea why this is? It's causing signature trust validation to fail for PKINIT, as the certpath is not validating as a result. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
