Aleksey Sanin wrote:
Right. There is a problem that the DONT_VERIFY_CERTS
flag disables both certs verification and key extraction.
The problem is that w/o verification you can't build certs
chain and you don't know which certificate is the "top" one
to use for key extraction.
But if there is only one certificate (99,9% of our cases ;) ) it's easy.
And what happens if you have two valid certificates but not related (not
in child/parent relation) ? From which one do you take the key ?
Would special casing for lone certificates with warning in other cases
be acceptable ?
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
