First post bounced ? -----Original Message----- From: Edward Shallow [mailto:[EMAIL PROTECTED] Sent: January 13, 2006 9:34 AM To: 'Aleksey Sanin' Subject: Cert Chain Validation 1.2.8 mscrypto
Aleksey, I think I might have something here ... This output looks very very close to yours ... Since you didn't send me the entire stderr output, please comment on the attached I ran the same tests as you Note error messages ... Error lines 3, 4, 5, and 6 only appear in the 1st run when trusted cert is NOT loaded, so the 45: key is not found must be the upu-cacert.der This is good. Error lines 3, 4, 5, and 6 do not appear in the 2nd run, also good. What does appear in both runs are error lines 1 and 2 claiming something invalid (xmlSecMSCryptoCertStrToName) about the KeyName I suspect. This threw me off. Did you ignore these 2 messages when reporting results to me. The final OK SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 does look good. Can error messages 1 and 2 be ignored ? Ed 1st Run Without trusted der loaded ********************************** C:\XMLSec>xmlsec verify --crypto mscrypto inout/edsigned-enveloped.xml 1) func=xmlSecMSCryptoX509FindCert:file=..\src\mscrypto\x509vfy.c:line=754:obj= unknown:subj=xmlSecMSCryptoCertStrToName:error=1:xmlsec library function failed: ;last error=-2146885597 (0x80092023);last error msg=The string contains an invalid X500 name attribute key, oid, value or delimiter. 2) func=xmlSecMSCryptoX509FindCert:file=..\src\mscrypto\x509vfy.c:line=754:obj= unknown:subj=xmlSecMSCryptoCertStrToName:error=1:xmlsec library function failed: ;last error=-2146885597 (0x80092023);last error msg=The string contains an invalid X500 name attribute key, oid, value or delimiter. 3) func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlS ecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property. 4) func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unkn own:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property. 5) func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=un known:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property. 6) func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xml SecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property. Error: signature failed ERROR SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 Error: failed to verify file "inout/edsigned-enveloped.xml" 2nd Run With trusted der loaded ******************************* C:\XMLSec>xmlsec.bat C:\XMLSec>xmlsec verify --crypto mscrypto --trusted-der keys/upu-cacert.der inout/edsigned-enveloped.xml 1) func=xmlSecMSCryptoX509FindCert:file=..\src\mscrypto\x509vfy.c:line=754:obj= unknown:subj=xmlSecMSCryptoCertStrToName:error=1:xmlsec library function failed: ;last error=-2146885597 (0x80092023);last error msg=The string contains an invalid X500 name attribute key, oid, value or delimiter. 2) func=xmlSecMSCryptoX509FindCert:file=..\src\mscrypto\x509vfy.c:line=754:obj= unknown:subj=xmlSecMSCryptoCertStrToName:error=1:xmlsec library function failed: ;last error=-2146885597 (0x80092023);last error msg=The string contains an invalid X500 name attribute key, oid, value or delimiter. OK SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
