Replies inline: > > I've successfully got Rampart/C set up, and have the client signing > > messages, however the digests are failing to verify for all items > > apart from the Body. > > > You mean the digest of the body is verified but not for other parts?
It appears to be that way, yes. At least, the Axis1/Java isn't throwing any verification failed errors for the Body. > > It might also be of interest that even with just <sp:Body/> in the > > SignedParts, the timestamp is still signed, so I can't test to see if > > the message is accepted when only the Body is signed (is there a way > > to turn this off?). There is also the message "No Signed parts > > specified. Using the body." when only the body is specified. > > > The behavior is, if a Timestamp is present Rampart/C signs it as per the > WS-Security Policy Specification(Section 7.2). > So if signing is enabled, and there is a Timestamp, Rampart/C signs it. Okay, this is fine, I would want to sign it eventually anyway, I was just curious as to whether there was a way to disable it for testing purposes. > > An error that might be significant is: "OXS ERROR [x509.c:385 in > > openssl_x509_get_subject_key_identifier] oxs defualt error , The > > extenension index of NID_subject_key_identifier is not valid" > > (spelling mistakes in original error message). > > > Did you get this error in the client side? (Since you are using > Rampart/C client against WSS4J ) Yes, that's from the client with Axis2/C|Rampart/C, it can be seen in the debug.log I included with the last message, just above the first c14n debug output, but it's also printed to the screen when running. > The reference belongs to the Timestamp element, in which the digest > verification fails. But the problem is how the Body signature was > verified? (please confirm this). > Have you tried to use Rampart/C for the verification of a message signed > by WSS4J? > BTW, Rampart/C interop with Rampart/Java, which uses WSS4J. :) I've attached the Axis logs for messages with and without a timestamp. It appears to me as though the one without the timestamp is being verified correctly, although it then of course returns to me a 'timestamp missing' error. Could the problem be that the c14n transforms are not working correctly? I'm currently trying to get axis/java to output the xml that it is producing a digest on, to make sure that they match. Thanks, Jamie
withouttimestamp.log
Description: withouttimestamp.log
withtimestamp.log
Description: withtimestamp.log
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
