Kai Hendry: > On 17 June 2011 15:18, Aleksey Sanin <[email protected]> wrote: > > Te order of certificates is irrelevant for xml signature standard and xmlsec > > does nothing about it. > > > It does matter. Let me quote my esteemed colleague Paddy: > > """ > The problem, if they are out of order, is knowing which is the > end-entity certificate. There is no information to tell you which one > it is - at least, there is no information that is *required* to be > there.
Issuer and Subject names will tell you everything you need to know. In a certificate chain the leaf certificate's subject name will not show up as issuer in any of the other chain members. -- Wolfgang Woehl Filmmuseum Munich http://www.stadtmuseum-online.de/aktuell/filmre.htm Digital Cinema Tools https://github.com/wolfgangw/digital_cinema_tools/wiki Dietrich https://github.com/wolfgangw/dietrich/wiki _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
