f0ec1971d9
2009-08-19 16:18:46 +0200 tono r275156 : i#103794: mingw gcc-4.4.0 port: make use of dwarf2 eh 2009-08-05 12:27:41 +0200 tono r274650 : CWS-TOOLING: rebase CWS mingwport22 to trunk@274622 (milestone: DEV300:m54) 2009-08-01 00:56:35 +0200 tono r274552 : i#103795: mingw gcc-4.4.0 port: use gcc dll 2009-07-27 00:13:27 +0200 tono r274344 : i#103795: mingw gcc-4.4.0 port: use gcc dll 2009-07-25 06:19:59 +0200 tono r274332 : i#103803: mingw gcc-4.4.0 port: invalid "extern static" 2009-07-25 06:13:56 +0200 tono r274331 : i#103802: mingw gcc-4.4.0 port: inhibit use of pthread 2009-07-25 06:05:22 +0200 tono r274330 : i#103801: mingw gcc-4.4.0 port: specify relocatable data section 2009-07-25 05:54:09 +0200 tono r274329 : i#103800: mingw gcc-4.4.0 port: remove invalid scope 2009-07-25 05:44:58 +0200 tono r274328 : i#103799: mingw gcc-4.4.0 port: add some #include 2009-07-25 05:33:09 +0200 tono r274327 : i#103798: mingw gcc-4.4.0 port: add backward in include path 2009-07-25 05:24:42 +0200 tono r274326 : i#103797: mingw gcc-4.4.0 port: nooptimize c++-uno bridge 2009-07-25 05:16:20 +0200 tono r274325 : i#103795: mingw gcc-4.4.0 port: use gcc dll 2009-07-25 04:01:59 +0200 tono r274324 : i#103794: mingw gcc-4.4.0 port: make use of dwarf2 eh 2009-07-25 02:44:01 +0200 tono r274322 : i#103793: mingw port: Exclude msvc[pr]80.dll from packaging 2009-07-25 02:28:21 +0200 tono r274321 : i#103791: mingw port fix typo |
||
---|---|---|
.. | ||
prj | ||
makefile.mk | ||
readme.txt | ||
xmlsec1-1.2.6.patch |
The XML Security library has been modified, so that there is NO verification of the certificate during sign or verification operation. On Windows this was done in the function xmlSecMSCryptoX509StoreVerify (file src/mscrypto/x509vfy.c) and on UNIX in xmlSecNssX509StoreVerify (file src/nss/x509vfy.c). This change requires that the XML Signature contains in Signature/KeyInfo/X509Data only entries which represent the same certificate. The implementation creates certificates from all of the X509Data children (X509IssuerSerial, X509Certificate) and used to iterate over all certificates, verify them and return the first "good" certificate. Now the first one is used. The X509IssuerSerial information is used by XML Security Library to find the certificate in the certificate store on the machine. The X509Certificate entry is used to create a certificate no matter if this is already contained in the certificate store. Do not forget: Suggest to XML Security Library to provide a way to carry out signature operations without verification of certificates. There is flag XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS that can be set in a xmlSecKeyInfoCtx (see function xmlSecNssKeyDataX509XmlRead, in file src/nss/x509.c), which indicates such a possibility but it does not work.