I am really sorry but I don't understand what you are complaining
about. I don't observe the problem you have. And I can do nothing
unless you give exact steps to reproduce it.
Aleksey
Edward Shallow wrote:
Yes of course I get a match on "Test User 1" and everything works. The point
is "It shouldn't work". When I do not load --trusted-der it should not work,
and it does. Meaning "No cert chain checking".
It is impossible for your script to work without loading "Test User 1" into
the 'MY' store. In fact the command line utility defaults to 'MY' so you
have to put it there. If you are using my signed document it contains
<dsig:KeyName>. You said you are not using --enabled-key-data so standard
processing in mscrypto will try to find "Test User 1" no matter what.
There is nothing tricky about my setup, it passes all your test suite
perfectly.
I am puzzled at your explanation ?
Ed
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
