Shibboleth Developers

[Derek Atkins <>]

 writes:

> >Now I'm a bit confused.  It all just worked!  The change I made:
> >failing to parse an X509 key out of the trust file (or failing to
> >insert it into a key store) is no longer a fatal operation.  For some
> >reason it doesn't like the cert that calls itself /C=US/O=RSA Data
> >Security, Inc./OU=Secure Server Certification Authority.
> >
> 
> well, that's truly odd, but very encouraging news!

Yea, but I couldn't reproduce the problem that I had been reproducing on
Monday...  I'm concerned that maybe something changed somewhere else.

> can you tell if that RSA cert is "the same one" found in standard
> distributions (eg openssl bundle)?

I do not know.  it's the one labeled:

        <!-- RSA Secure Server CA -->

in the trust.xml file.  It parses fine into an x509 object but
OpenSSL fails to add it to the keystore.  I don't know why -- 
I don't have a debugging-build of openssl lying around.

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       

                        PGP key available

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--