I have thought some more time :-) and now I see I don't understand where the last patch breaks backward compatibility. If key manager is not empty, the last patch I've submitted is equal to 1.2.9 behaviour...
Think about the following situation: 1) Keys Manager has trusted certs but none of them can be used to construct the chain for certs in the document. 2) System store *does* have the trusted cert to construct the chain for certs in the document. In this case, with your original patch we would never look at system certs thus returning "not found". In the old code and with the modifications I made, we would look at both key manager's and system certs. And we will return the key. Aleksey _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
