I applied and committed all the changes from the src/mscrypto/certkeys.c file except the ref-counting change we discussed before (item 2) from prev issues list) and, as I mentioned before, I merged xmlsec-mscrypto library AppliedKeysManager and DefaultKeysManager. You will need to slightly change your code but it should be a trivial and safe change.
Thus, the only two remaining issues for OO.org xmlsec-mscrypto patch are:
2) (OO.org team) mscrypto handles ref-counting and multithreading
3) (aleksey) xmlSecMSCryptoKeyDataX509VerifyAndExtractKey function
Note that I found a few more issues but I don't think any of them require any actions from us and I would like to just mention them here for your reference:
4) src/mscrypto/certkeys.c, xmlSecMSCryptoKeyDataAdoptCert() function: There is a change in the CryptAcquireContext() call: the ctx->providerName is replaced with NULL. I believe that in this case, the default crypto provider will be used and I agree that this is the right thing to do. However, I am not sure if this would change anything for other xmlsec-mscrypto users.
5) src/mscrypto/certkeys.c, xmlSecMSCryptoKeyDataDsaGenerate() function: I have to reject this change. I believe that there is no change in functionality. This change simply replaces centralized resource de-allocation based on goto with copy/pasting resource de-allocation code in several places.
6) src/mscrypto/certkeys.c, xmlSecMSCryptoX509StoreConstructCertsChain() function: The new code tries to construct a certs chain for a self-signed cert even if it is not found in the trusted store. I believe this is incorrect. If we cannot find the self-signed cert in the trusted certs store, then we just need to return FALSE (can't construct trusted certs chain). I modified the code to do exactly that and it passes all my tests. Hope it will work for you too.
7) src/mscrypto/certkeys.c, xmlSecMSCryptoX509StoreVerify() function: I slightly modified the code to make it look better w/o changing the functionality. Hope you would not mind.
BTW, currently xmlsec-mscrypto passes all the tests as before, thus the problems I had before are caused by either item 2) or 3) from above :)
Aleksey
