Return-Path: 
 <security-dev-return-5651-apmail-xml-security-dev-archive=xml.apache.org@xml.apache.org>
Delivered-To: apmail-xml-security-dev-archive@www.apache.org
Received: (qmail 19920 invoked from network); 8 Nov 2006 14:37:55 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 8 Nov 2006 14:37:55 -0000
Received: (qmail 79700 invoked by uid 500); 8 Nov 2006 14:38:06 -0000
Delivered-To: apmail-xml-security-dev-archive@xml.apache.org
Received: (qmail 79543 invoked by uid 500); 8 Nov 2006 14:38:05 -0000
Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:security-dev@xml.apache.org>
List-Help: <mailto:security-dev-help@xml.apache.org>
List-Unsubscribe: <mailto:security-dev-unsubscribe@xml.apache.org>
Reply-To: security-dev@xml.apache.org
List-Id: <security-dev.xml.apache.org>
Delivered-To: mailing list security-dev@xml.apache.org
Received: (qmail 79532 invoked by uid 99); 8 Nov 2006 14:38:05 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Nov 2006 06:38:05 -0800
X-ASF-Spam-Status: No, hits=-9.4 required=10.0
	tests=ALL_TRUSTED,NO_REAL_NAME
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Nov 2006 06:37:53 -0800
Received: by brutus.apache.org (Postfix, from userid 33)
	id 2AB4F7142FC; Wed,  8 Nov 2006 06:37:33 -0800 (PST)
From: bugzilla@apache.org
To: security-dev@xml.apache.org
Subject: DO NOT REPLY [Bug 40921]  - XML <X509Certificate> contents modified
 and signature normallly validated.
In-Reply-To: <bug-40921-6260@http.issues.apache.org/bugzilla/>
X-Bugzilla-Reason: AssignedTo
Message-Id: <20061108143733.2AB4F7142FC@brutus.apache.org>
Date: Wed,  8 Nov 2006 06:37:33 -0800 (PST)
X-Virus-Checked: Checked by ClamAV on apache.org

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40921>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40921





------- Additional Comments From sean.mullan@sun.com  2006-11-08 06:37 -------
I agree with Scott's reply. I haven't seen your code (can you post it?) but
this is most likely not a bug. However, I am curious as to what key you are 
using to validate the signature. It seems you are using the correct key each
time. If you validated with a key from this different X.509 certificate that you
have inserted then it should not validate (if indeed it was a different public key).

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.