MSDN contains an article describing HMAC calculation. Whether you have implemented a significant part of xmlsec-mscrypto, can you explain to me why the Win32 API function for building a chain, as I suggest in the patch, was not used (possibly with #ifdef)? And what is really done in xmlSecMSCryptoX509StoreInitialize, I don't understand this function at all...
I'm not sure anymore why Certificate Chain validation functions of MS weren't used. I think there were some issues to get it working properly in this context... but perhaps that was more due to my lack of experience in using these functions. I'm not sure if anyone else tried this as well.
The certificate validation as it is now was added later, I think. Looking at the code, it seems that 2 (trusted and untrusted) memory-based certificate stores are created for keeping trusted and untrusted certs, used during certificate validation. The stores are added to a store collection. The store collection can be extended with extra key/cert stores (see xmlSecMSCryptoX509StoreAdoptKeyStore).
Wouter

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
