Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

Add CRLs found inside Signature during PKIX verification.

Basics

Technical

Logistics

Basics

Technical

Logistics

Description

Current code does not process CRLs found inside a Signature's KeyInfo while verifying a signature with PKIX trust engine base class.

Not clear on what this use case would be, but it's clearly intended that CRLs can accompany a signature.

However, current code relies on Apache xmlsec to expose CRLs inside a signature while verifying, because the XML is wrapped by the xmlsec classes, not mine. Their API is limited to one CRL per X509Data, so without a change there, I can't support more than one at a time.

Environment

None

Linked issues

has dependent

CRL in Signature of Metadata is not processed when using PKIX path validation

Activity

Show:

Scott Cantor June 23, 2009 at 12:46 PM

Closing after releases.

Scott Cantor September 23, 2008 at 5:13 PM

http://svn.middleware.georgetown.edu/view/cpp-xmltooling?view=rev&revision=527

Worked around xmlsec limitations with DOM directly. Link to bugzilla there:
https://issues.apache.org/bugzilla/show_bug.cgi?id=45867

Scott Cantor September 23, 2008 at 9:52 AM

http://svn.middleware.georgetown.edu/view/cpp-xmltooling?view=rev&revision=525

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details

Assignee

Scott Cantor

Reporter

Scott Cantor

Components

Fix versions

Affects versions

Created September 22, 2008 at 10:19 PM

Updated June 23, 2009 at 12:46 PM

Resolved September 23, 2008 at 5:13 PM