Later this cert could be used during certs verification process
(<dsig:X509Data> node processing): trusted cers are ones that can
"terminate" certificates chain (for example, root CA cert should be
"trusted") and untrusted certs are used to construct certs chain
for verification.
xmlSecSimpleKeysMngrLoadPemCert() *does not* load key. It's only
a cert.
Aleksey.
Thanks for the fast answer.
I have read the documentation of xmlSecSimpleKeysMngrLoadPemCert but it does
not make clear how the certificate loaded can be used in the verification
process.
Should this be done together with setting the flag
xmlSecKeyOriginKeyManager?
I tried that but I could not get it to work. Should it?
Or should I use the flag xmlSecKeyOriginKeyName? But what is then the key of
the certificate I load with xmlSecSimpleKeysMngrLoadPemCert? If I sign with
dsig:KeyName set to something it will have have to match the keyname of the
certificate loaded into the keys manager. But as far as I can see there is
no way of specifying keyname when loading a certificate with
xmlSecSimpleKeysMngrLoadPemCert.
:)
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
