I've removed strptime() usage and switched to your code completelly :) Thanks! As you've requested, I've added additional errors for the cert verification and, for example, when cert has expired errors stack looks now as follows: [aleksey]> ../apps/xmlsec verify --trusted ../tests/keys/cacert.pem --allowed x509 ../tests/aleksey-xmldsig-01/enveloping-expired-cert.xml xmlSecX509StoreVerify (x509.c:1084): error 46: cert has expired : error=10 (certificate has expired) xmlSecX509DataNodeRead (keyinfo.c:1196): error 41: cert verification failed : xmlSecKeysMngrGetKey (keys.c:518): error 17: key not found : xmlSecSignedInfoRead (xmldsig.c:1437): error 17: key not found : xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec operation failed : xmlSecSignedInfoRead - -1 xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec operation failed : xmlSecSignatureRead - -1 Error: operation failed ERROR
Aleksey. Aleksey Sanin wrote: > Thanks for the patch! I'll take a look at it later today. Of course, > you have the information > about the reason why verification failed. I'll try to add the code to > xmlsec to expose > this information to the application. > _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
