With openssl, you need to load keys into xmlsec manually. With nss and
mscrypto, there are "default" keys storages that xmlsec can search.
Aleksey
On 10/24/11 3:52 AM, Si St wrote:
Excuse my interruption here,
but where is xmlsec1 searching to find the key in reference to the
<KeyName/>? Where should the key/cert be placed so that xmlsec1 can find
it (f.ex. among other keys)? Any specific directory? Remenber that
xmlsec1 is /usr/local/bin/xmlsec1 with me, and I wonder where the
program will search. In my particular case we are dealing with --crypto
openssl
--
Si St
[email protected] <mailto:[email protected]>
On Wednesday, October 19, 2011 9:33 PM, "EdShallow"
<[email protected]> wrote:
OK, here is how it works with mscrypto and xmlsec 1.2.18
Example 1:
<KeyName>CA, GC, PWGSC-TPSGC, "Ed Shallow"</KeyName>
Example 2 with a special character:
<KeyName>CA, GC, PWGSC-TPSGC, "Shallow, Ed"</KeyName>
In other words, do not use the sub-type qualifiers in the DN string
i.e. cn= ou= o= c=
Order is also important.
Cheers,
Ed
On Wed, Oct 19, 2011 at 7:38 PM, EdShallow <[email protected]
<mailto:[email protected]>> wrote:
OK. Give me a day or so and I will check the source to see if
anything has changed in the CAPI calls.
On Oct 19, 2011 7:29 PM, "Aleksey Sanin" <[email protected]
<mailto:[email protected]>> wrote:
Not that I am aware of.
Aleksey
On 10/19/11 2:02 PM, EdShallow wrote:
. . . sorry forgot to mention, this behavior is with mscrypto
Ed
---------- Forwarded message ----------
From: "EdShallow" <[email protected]
<mailto:[email protected]> <mailto:[email protected]
<mailto:[email protected]>>>
Date: Oct 19, 2011 3:55 PM
Subject: Use of full DistinguishedName in KeyName
To: "[email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>"
<[email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>>
Hi Aleksey,
Use of full DN in KeyName template element used to work in
oldwr
versions of xmlsec.
As of 1.2.18 I can only get CommonName to work.
Example:
This works
<KeyName>Shallow Ed</KeyName>
This does not:
<KeyName>cn=Shallow Ed,ou=finance,o=acme,c=ca</KeyName>
I receive an "Object or property cannot be found" message.
Are there any constraints for naming?
Ed
_______________________________________________
xmlsec mailing list
[email protected] <mailto:[email protected]>
http://www.aleksey.com/mailman/listinfo/xmlsec
--
Ed's Contact Information:
Mobile Phone: 613-852-6410
Gmail: [email protected] <mailto:[email protected]>
VOIP Address: [email protected] <mailto:[email protected]>
VOIP DID#: 613-458-5004
Skype ID: edward.shallow
Home Phone: 613-482-2090
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
--
http://www.fastmail.fm - Email service worth paying for. Try it for free
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
