I've looked at your changes and there is one thing that I defenetly don't like.
You are using "certutil" tool to create the nss database. But this tool is not
included into mozilla-nss and mozilla-nss-devel packages (read: I don't have
it on my box). Thus it makes it impossible to test nss implementation for me.
I wonder if there is other way to create nss db directly from xmlsec.
11 bug fix in keys.c. function xmlSecKeysMngrGetKey invokes xmlSecKeyInfoNodeRead. On return from xmlSecKeyInfoNodeRead, it returns key if xmlSecKeyGetValue(key) != NULL
That is incorrect because in xmlSecKeyInfoNodeRead, it is possible to have a key value even if xmlSecKeyMatch fails (see the for loop).
I think the better way to fix it is to put a check in xmlSecKeyInfoNodeRead itself before returning. This will require adjusting the callers too. I'll let you decide :)
I think you change is ok. It's not a bug actually because we do check is key
valid or not on the next level. But this additional check would not hurt.
Aleksey
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
