Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2014/03/05 17:54:44 UTC

[jira] [Commented] (SANTUARIO-378) xml-security-c cannot initialise on a Windows system with mandatory user profiles

    [ https://issues.apache.org/jira/browse/SANTUARIO-378?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13921038#comment-13921038 ] 

Scott Cantor commented on SANTUARIO-378:
----------------------------------------

I'm open to anything, but I'm simply not in a position to maintain anything but the OpenSSL code. I can't test anything else. So I'll keep the other options in until it no longer works or builds, but I really would need patches to do anything significant. If it's just a matter of suppressing the error if that status comes back, then that's fine.

Secondarily, there's no chance of a new version from me, absent a security patch, until probably next year at the earliest. I'm maintaining this library solely out of necessity for my own project and I have no time to commit to it right now.

> xml-security-c cannot initialise on a Windows system with mandatory user profiles
> ---------------------------------------------------------------------------------
>
>                 Key: SANTUARIO-378
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-378
>             Project: Santuario
>          Issue Type: Bug
>          Components: C++
>    Affects Versions: C++ 1.7.2
>         Environment: Windows with mandatory user profiles (eg: Citrix)
>            Reporter: John Elliott
>            Assignee: Scott Cantor
>             Fix For: C++ 1.7.2
>
>
> Under Windows, XSECPlatformUtils::Initialise() starts by creating a new WinCAPICryptoProvider. This fails at WinCAPICryptoProvider.cpp:127 when trying to create its key store:
> 		// Try to create
> 		if (!CryptAcquireContext(&m_provApacheKeyStore,
> 			s_xsecKeyStoreName,
> 			provRSAName,
> 			m_provRSAType,
> 			dwFlags | CRYPT_NEWKEYSET)) {
> 			throw XSECException(XSECException::InternalError,
> 				"WinCAPICryptoProvider() - Error obtaining generating internal key store for PROV_RSA_FULL");
> 		}
> The Windows error is NTE_TEMPORARY_PROFILE. 
> http://blogs.msdn.com/b/alejacma/archive/2007/10/23/rsacryptoserviceprovider-fails-when-used-with-mandatory-profiles.aspx explains that the RSA crypto provider does not allow keys to be stored when a mandatory profile is in use.
> Would it be practical to change behaviour in this case so that library initialisation does not fail, and the exception is thrown only if there is an attempt to use the key store?
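
The behaviour discussed in this thread (tolerate only the NTE_TEMPORARY_PROFILE status during initialisation, and raise the error when the key store is actually needed) can be sketched as follows. This is an added example, not xml-security-c code: `DeferredKeyStore`, `AcquireFn` and `initialise_with` are hypothetical names, and the callback stands in for the `CryptAcquireContext` call quoted above so the sketch builds on any platform.

```cpp
#include <cstdint>
#include <functional>
#include <stdexcept>
#include <string>
#include <utility>

// Value of NTE_TEMPORARY_PROFILE from <winerror.h>, repeated so this builds anywhere.
constexpr std::uint32_t kNteTemporaryProfile = 0x80090024u;

// Hypothetical hook: performs the CryptAcquireContext(..., CRYPT_NEWKEYSET) call and
// returns 0 on success or the GetLastError() code on failure.
using AcquireFn = std::function<std::uint32_t()>;

class DeferredKeyStore {  // hypothetical name, not an xml-security-c class
public:
    explicit DeferredKeyStore(AcquireFn acquire) : m_acquire(std::move(acquire)) {}

    // Library initialisation: only the temporary-profile status is tolerated.
    // Any other failure still aborts start-up, so unexpected errors are not hidden.
    void initialise() {
        m_status = m_acquire();
        if (m_status != 0 && m_status != kNteTemporaryProfile)
            throw std::runtime_error("key store error " + std::to_string(m_status));
        m_initialised = true;
    }

    bool available() const { return m_initialised && m_status == 0; }

    // Called by any operation that needs a persisted key: the failure surfaces here.
    void require() const {
        if (!m_initialised) throw std::logic_error("initialise() not called");
        if (m_status == kNteTemporaryProfile)
            throw std::runtime_error("key store unavailable: temporary or mandatory profile");
    }

private:
    AcquireFn m_acquire;
    std::uint32_t m_status = 0;
    bool m_initialised = false;
};

// Constructed scenarios: returns true if initialise() completes, and reports via
// `usable` whether a later key store operation would be allowed.
bool initialise_with(std::uint32_t status, bool& usable) {
    DeferredKeyStore ks([status] { return status; });
    try { ks.initialise(); } catch (const std::runtime_error&) { usable = false; return false; }
    try { ks.require(); usable = true; } catch (const std::runtime_error&) { usable = false; }
    return true;
}
```

Restricting the suppression to the one status keeps every other acquisition failure fatal at start-up, so a misconfigured or damaged provider is still reported immediately.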


