[xmlsec] Verification fail using element info

Sat, 22 Feb 2003 02:19:35 -0800

I try to verify signature using info of <x509Data> element.

Signature is follow.

 

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
  <Data>
 Hello, World!
  </Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
      <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>9H/rQr2Axe9hYTV2n/tCp+3UIQQ=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>meSE9vU3J9R1/ZmeLLcR7swATefF6Tq7jcR+BMd+AdRMVk1KnCgxymHVfCSzxEuSWgvPzUA/hEWu7Xh3atg0zhkD25FWhG48z+gxqDqm9rW2CAQ3Q1auQ+F8Zb6eDVS6REpPLy5UbdqXF7QPbBEYJK0mv4U+f9xnQR88Hgg54oE=</SignatureValue>
    <KeyInfo>
  <keyValue/>
    <X509Data>
<X509Certificate>
MIICUjCCAbsCBTEyMzQ1MA0GCSqGSIb3DQEBBAUAMIGaMQswCQYDVQQGEwJLUjESMBAGA1UE
CBMJQ2hvb25nTmFtMRAwDgYDVQQHEwdZb29TdW5nMQ0wCwYDVQQKEwRFVFJJMRswGQYDVQQL
ExJEUk0gRGV2ZWxvcGVyIFRlYW0xFTATBgNVBAMTDEVUUkkgU29od2FuZzEiMCAGCSmGSIb3
DQEJARYTc293aGFuZ0BldHJpLnJlLm5ldDAeFw0wMjA1MDEwMDE5MzdaFw0wMzA1MDIwNDEw
MDBaMEQxCzAJBgNVBAYTAktSMQ4wDAYDVQQIEwVTZW91bDEPMA0GA1UEBxMGR29vbkphMRQw
EgYDVQQKEwtTZWpvbmcgVW5pdjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArEkqKvki
EyMrB+KL+eh2Z3AVEVksEmy/S+lBwhcGOBOL8+LXHsM8LQNhp1dvFrdt9EqC1OUceI4nScmr
y9fpc3aMGgaJ6s+uX13WCHyj2ymB+ZIb+pYy8K0KHk5wUeg84CYk+yTIFmX8EIUeNJwqtm13
KNMAxQ00yse7ZhmvBisCAwEAATANBgkqhkiG9w0BAQQFAAOBgQCDkBvHtUGxiAevrXYkmEx/
3dOmpCjbL9WzkvIO/XNdfLwgMlK7jyOxE7emrjqtnUjclU7r4ST6woqUigKfoKEYVFAfjOzR
i3cMEXCeewyDKThc3BL9bxW5aMUirsI1AeppPvKqMs9rl8MUowe8La+icsUeinVjRZnGB1qP
y20S7g==
</X509Certificate>
</X509Data>
    </KeyInfo>
  </Signature>
</Envelope>

 

But verification failed because x509_STORE_CTX's error attribute assigns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY in X509_verify_cert().

 

What is wrong?

 

System Environment

 -XMLSEC lib : 0.0.7

 -OS : Windows XP

 -OpenSSL : 0.9.6D

 -Certificate : Self Signed






Reply via email to