The problem you have is caused by missed "trusted" certificate. When you are verifing certificate a "certificates chain" is created. In this chain, the next certificates verifies the previous one. And of course, you need to have a "root" certificate which you trust. For examples, take a look at readPEMCertificate() funciton in app/xmlsec.c. This function loads trusted or un-trusted certificate in the XMLSec keyring using xmlSecSimpleKeysMngrLoadPemCert() function.
Aleksey. lidia castillejo marco wrote: >Hi, >I'm trying to verify the signatures using dsig3.c example . If the signature is >generated from key (dsa, rsa) the verification is ok, but when i use a x509 >certificate always verification failed. When I generate the signature I load private >key using xmlSecSimpleKeysMngrLoadPemKey() and read the x509 certificate using >xmlSecKeyReadPemCert().The generation result is ok. I'm using my own CA > >Regards, >lidia > >_______________________________________________ >xmlsec mailing list >[EMAIL PROTECTED] >http://www.aleksey.com/mailman/listinfo/xmlsec >
