Pathfinder and xmlsec

What is it?

Our open-source Pathfinder library allows applications to easily perform RFC5280-compliant path validation of X.509 certificates.

We've created a patch for the xmlsec XML Security Library that allows it to use Pathfinder to validate certificates when verifying a digitally signed XML file. Policy mapping, policy constraints, and name constraints are all handled transparently. This makes it even easier to add complete certificate validity checking to applications and servers that may not even already be SSL-aware.

Current Status:

Pathfinder and this patch for xmlsec are presently under active development. Note that this patch will only work with pathfinder 1.1.2 or later!

Download:

Patch:downloads/xmlsec1-1.2.12-pathfinder-20090923.diff.gz

Instructions:

• Make sure you have the WvStreams 4.5 library installed.
• Make sure you have Pathfinder 1.1.2 and libpathfinder-openssl installed and appropriately configured.
• Make sure you have pkg-config installed, and that it knows about libpathfinder.
• Apply the patch to a clean xmlsec1-1.2.12 build tree.
• Run "autoconf" and "autoheader".
• When running "./configure", specify "--with-pathfinder".
• Compile and install xmlsec.
• Pathfinder is always enabled. A target policy OID can only be specified in your system pathfinderd.conf file, by setting [Policy]xmlsec = (for example) 1.2.3.4.5.

Need Help?

Let us know!