Adding key from X509 certificate using xmlSecOpenSSLAppKeyLoad and xmlSecOpenSSLAppKeyLoadMemory does not add the certificate to the key's "keyCert" member

[lsh123]

Discussed in #535

^{Originally posted by fnyberg-vcc February 22, 2023}
Hi
I have a X509 certificate containing a key I want to be used to verify an XML. So after looking at the documentation it seems like I should add the key from the certificate to the key store using the code:

xmlSecKeyPtr key = xmlSecCryptoAppKeyLoad(cert_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
xmlSecCryptoAppDefaultKeysMngrAdoptKey(keys_mngr, key);

This adds the key from the cert fine as the XML signature gets verified using the added key, but when I try to retrieve the certificate using:

X509* key_cert = xmlSecOpenSSLKeyDataX509GetKeyCert(xmlSecKeyGetData(key, xmlSecOpenSSLKeyDataX509Id));

I get NULL back. Upon a small investigation, I found that xmlSecCryptoAppKeyLoad and xmlSecOpenSSLAppKeyLoadMemory adds the cert to the stack ctx->certsList but not as ctx->keyCert. From my understanding, a key retrieved from a cert should always have that cert added as ctx->keyCert. Am I missing something or misunderstanding the process? Although I found a workaround using xmlSecOpenSSLKeyDataX509AdoptKeyCert, I would like to know if this behavior is intended.

[lsh123]

The fix was cherry-picked to xmlsec-1_2_x branch as well.