Re: [xmlsec] Key certificates in XMLSec 0.1.1

Fri, 04 Apr 2003 08:58:32 -0800

Well, there is a problem. If you want to get/set X509 certificate in OpenSSL you
have to use X509* structure. However, in GnuTLS and NSS it is not "X509*"
but something completely different. I am using "xmlSecCrypto... " macroses in places
where crypto engine differences are "hidden" (for example, for loading PKCS12 file).

Another question is to call these functions if they are not crypto specific? You have
different parameter types and different input value types. Of course, one can use
"void*" but Iam trying to avoid it as much as possible to prevent stupid typing errors.

Unfortunately, I don't have any good solution for you. You can try to use serializing
certificates to binary or XML format (regular key data read/write methods) but
probably it will not help you anyway. And if you'll have any idea about that please
let me know. I'll be happy to fix this too.


Aleksey


Jesse Pelton wrote:

I'm exploring XMLSec 0.1.1.

Background item 1: The OpenSSL implementation provides for storing and
retrieving a keyCert, which is the certificate that is associated with the
private key (in a PKCS12 file, for instance). PKCS12 loading is not
implemented in XMLSec's NSS and GnuTLS engines.

Background item 2: The simple keys store load and save routines do not
handle this certificate. I'm writing my own keys manager and keys store
routines, and I'd like to persist this information.

The question: Assuming I have my facts straight, what's the best (robust and
forward-compatible) way to obtain and set the key certificate? Since I'm
using OpenSSL (at the moment), I can use
xmlSecOpenSSLKeyDataX509GetKeyCert() and
xmlSecOpenSSLKeyDataX509AdoptKeyCert(), but I'd prefer to use function names
not tied to the implementation (like the xmlSecCrypto...() macros). Have I
missed something? Are there plans for something of this sort? (I imagine
that if they're not already there,it's because of uncertainty about
implementation details in the other engines.)
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec




_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to