diff options
| -rw-r--r-- | xmlsecurity/source/component/documentdigitalsignatures.cxx | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx index 9d94b1845fd9..6e84163c4e84 100644 --- a/xmlsecurity/source/component/documentdigitalsignatures.cxx +++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx @@ -335,13 +335,9 @@ DocumentDigitalSignatures::ImplVerifySignatures( rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) ); - // Verify certificate - //We have patched our version of libxmlsec, so that it does not verify the certificates. This has two - //reasons. First we want two separate status for signature and certificate. Second libxmlsec calls - //CERT_VerifyCertificate (Solaris, Linux) falsely, so that it always regards the certificate as valid. - //On Windows the checking of the certificate path is buggy. It does name matching (issuer, subject name) - //to find the parent certificate. It does not take into account that there can be several certificates - //with the same subject name. + // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name) + // to find the parent certificate. It does not take into account that there can be several certificates + // with the same subject name. try { rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer, |