Greetings! On Sun, 18 Dec 2005, Aleksey Sanin wrote:
> Sorry for delay with response... Just too many things happen > in the same time :( > > Anyway, I have some questions about the patch: > > 1) Do you have some specific problem you are trying to address > with this patch? It seem like you do call xmlSecBuildChainUsingWinapi() > function right before doing xmlsec cert verification. And in all > my tests cases this function never returns "OK". Yes, I do. I try to build chain when a signer certificate is present in the signed file and the other are not. So existing code does not build chain and my does. > 2) In all the MSDN examples I can find, CertGetCertificateChain() > function always has NULL for the "additional store" parameter and > in the code you pass the trusted certificates handle. Are you sure > that this is the correct way? Shouldn't it be untrusted certs or > may be CRLs list instead? I'm not sure in it. May be NULL should be passed always and possibly there should be 2 calls, 1st with the trusted store and the 2nd with the untrusted one. > 3) I don't see how CertGetCertificateChain() function handles CRLs > that might have been passed to xmlsec. CertGetCertificateChain seems not use CRL (accept already installed) at all. So it's a problem my Winapi knowledge are not enough to solve. Thank you! -- SY, Dmitry Belyavsky (ICQ UIN 11116575) _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
