This is exactly the point that is hard to do in the
"generic" case. I hear you and I understand your pain,
but I also want to have a solution for a generic library.


Aleksey

On 2/10/2010 9:36 AM, Benjamin Dauvergne wrote:
Aleksey Sanin wrote:
Right. There is a problem that the DONT_VERIFY_CERTS
flag disables both certs verification and key extraction.

The problem is that w/o verification you can't build certs
chain and you don't know which certificate is the "top" one
to use for key extraction.
But if there is only one certificate (99,9% of our cases ;) ) it's easy.
And what happens if you have two valid certificates but not related (not
in child/parent relation)? From which one do you take the key?

Would special casing for lone certificates with warning in other cases
be acceptable?
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
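
The selection problem discussed in this thread, as an added example that is not part of the original messages and is not xmlsec code: with verification off, a lone certificate is used directly, a bag with exactly one certificate that issues no other is resolved by name, and unrelated certificates are refused. `struct cert`, `pick_key_cert` and the `PICK_*` codes are hypothetical, and matching issuer to subject by plain string comparison is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a parsed certificate: only the names matter here. */
struct cert { const char *subject; const char *issuer; };

enum { PICK_NONE = -1, PICK_AMBIGUOUS = -2 };

/* Choose which certificate to take the key from when chain verification is
 * disabled. Returns an index into certs, or a negative PICK_* code.
 * The names are unauthenticated, so this only orders the bag; it says
 * nothing about whether the chosen certificate is trusted. */
int pick_key_cert(const struct cert *certs, size_t n)
{
    if (n == 0) return PICK_NONE;
    if (n == 1) return 0;                 /* lone certificate: the easy case */

    int leaf = PICK_NONE;
    for (size_t i = 0; i < n; i++) {
        int issues_other = 0;
        for (size_t j = 0; j < n; j++) {
            /* certs[i] names itself as subject where certs[j] names its issuer */
            if (j != i && strcmp(certs[j].issuer, certs[i].subject) == 0) {
                issues_other = 1;
                break;
            }
        }
        if (issues_other) continue;       /* a parent, not the end of a chain */
        if (leaf != PICK_NONE) return PICK_AMBIGUOUS; /* two unrelated candidates */
        leaf = (int)i;
    }
    return leaf;   /* PICK_NONE if the names form a loop */
}

int main(void)
{
    /* Constructed sample bags. */
    struct cert chain[] = { { "CN=Example CA", "CN=Example CA" },
                            { "CN=signer",     "CN=Example CA" } };
    struct cert unrelated[] = { { "CN=alice", "CN=CA one" },
                                { "CN=bob",   "CN=CA two" } };
    printf("chain: %d\n", pick_key_cert(chain, 2));
    int r = pick_key_cert(unrelated, 2);
    if (r == PICK_AMBIGUOUS)
        fprintf(stderr, "warning: unrelated certificates, no key extracted\n");
    return 0;
}
```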