Hi! I have a little problem verifying xml signatures. The problem is that it just don't care about CA certificates. I only set the m_dsigCtx->signKey = xmlSecCryptoAppKeyLoad(tmpfile.c_str(), xmlSecKeyDataFormatCertPem, NULL, NULL, NULL); and the verification returns xmlSecDSigStatusSucceeded. But I thought I had to add the CA certificates that has issued the signing certificate for the verification to succeed. This is also what I have done but then I got this bad feeling that the CAs I added with xmlSecCryptoAppKeysMngrCertLoad(m_keysMngr, tmpfile.c_str(), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) was not taken into account.
I tried verifying without adding any CAs. And it worked. Of course I want the verification to fail if the signKey can not be verified. I.e the process cannot find the CAs What am I doing wrong? :)
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
