On Thu, Dec 08, 2016 at 01:26:27PM -0800, Aleksey Sanin <[email protected]> wrote: > Could you please confirm that xmlsec-nss gets the key from the > certificate and not from another place?
Hi, Hmm... how do I confirm that? The use-case where this code is running is that I have a signed XML document and I'm verifying the signature. The NSS db doesn't have the certificate (so the private key is not available), nor the issuer certificate (or its parents). So I *guess* the only way how xmlsec-nss can get the key (assuming you mean the public key) is from the certificate. > I am not very familiar with this code unfortunately. It might > have happen that the NSS API changed since xmlsec-nss was > written :) No problem, I'll check tomorrow if it's really just about passing a non-NULL returnedUsages to CERT_VerifyCertificate(); I just asked here in case somebody more competent than me can point ouf if I'm missing something obvious. ;-) Thanks, Miklos
signature.asc
Description: Digital signature
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
