GNOME Bugzilla – Bug 123668
xmlsec-mscrypto: default keys manager doesn't use trusted certs in MS Crypto Store
Last modified: 2016-01-28 18:37:23 UTC
Currently the only "trusted" certs are the ones loaded into xmlsec directly (for example, using the xmlsec command line utility's "--trusted" option). This means that the code does not accept trusted certs in the MS Crypto store as such.

There are some functions that allow checking against trusted certs in the MS Crypto store. But MSDN says that these functions are not available in Windows 95/98/Me and are partially not available in NT 4.0 and Windows 2000. Anyone interested in more details should feel free to search for the "Certificate Chain Verification Functions" article in MSDN.

To me, it sounds like it would be possible to use these new functions, but I think it would be good to have a runtime version check:
- if it's old Windows, then use the current code;
- if it's new Windows with the new functions, then use some new code.
Migrated to: https://github.com/lsh123/xmlsec/issues/7