Bug 123668 – xmlsec-mscrypto: default keys manager don't use trusted certs in MS Crypto Store

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 123668 - xmlsec-mscrypto: default keys manager don't use trusted certs in MS Crypto Store


Summary:	xmlsec-mscrypto: default keys manager don't use trusted certs in MS Crypto S...


Status:	RESOLVED FIXED

Product:	xmlsec
Classification:	Other
Component:	general
Version:	1.2.1
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Aleksey Sanin
QA Contact:	Aleksey Sanin

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2003-10-02 01:26 UTC by Aleksey Sanin
Modified:	2016-01-28 18:37 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Aleksey Sanin 2003-10-02 01:26:15 UTC

Currently the only "trusted" certs are ones loaded to xmlsec directly (for
example, using xmlsec command line utility "--trusted" option). This means
that code does not accept trusted certs in MS Crypto store as such. There
are some functions that allow to check against trusted certs in MS Crypto
store. But MSDN says that these functions are not available in Windows
95/98/Me and partially not available in NT 4.0 and Windows 2000. Anyone
interested in more details feel free to search for "Certificate Chain
Verification Functions" article in MSDN. For me, it sounds  like it would
be possible to use these new functions but I think it would be good to have
a runtime version check:
                - if it's old Windows then use current code;
                - if it's new Windows with new functions then use some new
code.

Comment 1 Aleksey Sanin 2016-01-28 18:37:23 UTC

Migrated to: https://github.com/lsh123/xmlsec/issues/7