Jirka,
Thanks a lot for sending me the example certs to me! Could you
please try one more version?
http://www.aleksey.com/public/xmlsec-20100423.tar.gz
The problem was caused by the difference in the certificates:
one that worked has subject encoded in Unicode
CN=\x00J\x00i\x01Y\x00\xED\x00 \x00N\x00o\x00v\x00\xE1\x00k
and one that did not work has subject encoded in UTF8:
C=CZ, O=12345678 [I\xC4\x8C ], OU=1, CN=Ji\xC5\x99\xC3\xAD
Nov\xC3\xA1k/serialNumber=P123456/title=Title
Unfortunately, MSCrypto is not smart enough to always normalize
the certificates subjects in its internal store and I had to add
one more option in the certificate search chain: try with UTF8
encoded subject.
Hope it covers all the cases now :)
Aleksey
On 4/23/2010 7:19 AM, Aleksey Sanin wrote:
Yes, it should. Any chance you can generate an example cert for me
to test it?
Aleksey
On 4/23/2010 1:33 AM, Jirka Kosek wrote:
Aleksey Sanin wrote:
<KeyName>CN=Jiří Novák</KeyName>
still doesn't work. So it seems that there is still some encoding issue
in dealing with certificate subjects.
Don't ask me "why", I know but can't explain :)
And one more try... hopefully the last one
Many thanks, it works now for self signed certificates.
I don't know whether it is related to this bug or whether this is a
separate issue, but xmlsec is still unable to find real issued
certificates with subject like:
SERIALNUMBER=P111870, CN=Ing. Jiří Kosek, OU=1, O=Ing. Jiří Kosek [IČ
71612998], C=CZ
Is this supposed to work?
Jirka
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
