Re: [xmlsec] mscrpyto

[Roumen Petrov]

Did you mean the the code (../mscrypto/x509vfy.c):
-------------
......
       certInfo.Issuer.cbData = cnb.cbData ;
       certInfo.Issuer.pbData = cnb.pbData ;
       certInfo.SerialNumber.cbData = xmlSecBnGetSize( &issuerSerialBn ) ;
       certInfo.SerialNumber.pbData = xmlSecBnGetData( &issuerSerialBn ) ;

       pCert = CertFindCertificateInStore(
                       store,
                       X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                       0,
                       CERT_FIND_SUBJECT_CERT,
                       &certInfo,
                       NULL
               ) ;
.....
-------------
is incorrect or don't work for you ?

It search by "issuer name" and "issuer serial".


Roumen


[EMAIL PROTECTED] wrote:

Hi, I checked the code for mscrypto how xmlsec searches for right certificate. Searching for cert with serial number or also for digest (thumbprint) is really a good idea. With applications with several cert issuers, there is a high probability of cert name or serial clashes.

regards,
Gregor

------------------------------------------------------------------------

_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec

_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec