fl-ido

It allows to avoid checking the trust status of the signing certificate during signature verification, thus allowing the user to verify the trust status by himself, possibly using another store...

Do you mean by making the X509CertStore::verify function virtual so that custom implementations could override the method with their own verification process ?

So if I understand right, xmlsec library is used for digest computing but only for signature verification ? I don't know what it would require to support OpenSSL digest providers...

Indeed, but it seems that they always give NULL as fetching properties parameter, and that they use `EVP_DigestInit` method https://github.com/lsh123/xmlsec/blob/a7e8464f2a2826820b94cc641ac0aae345641fc6/src/openssl/digests.c#L416

It would be a great flexibility enhancement for the library, right ? It would also be an answer to #556. I imagine it could be done by using a parameter...