Re: [xmlsec] a problem about transplant xmlsec lib to mips64 platform

Tue, 10 Apr 2007 09:06:47 -0700 

Unrelated to id attribute :) The error is in openssl again.
Some extension is not supported.

Aleksey

shuang chen wrote:

Hi Aleksey
another problem to bother you, my application need use the id-attribute, so I just run the xml-cmd line tools, I was success run it on Linux Pc, but failed on mips64 platform, it seems the problem comes from openssl, I hope you can still give me some suggestion, thanks octeon:/opt/xmlsec_openssl/bin# *./xmlsec1 --verify --id-attr:Id LicenceData --store-signatures --enable-visa3d-hack --trusted-pem root.crt --X509-skip-strict-checks D0185601.XML *func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=FI/O=Nokia/CN=Nokia NET Licence Generator ILG;err=34;msg=unhandled critical extension func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=34;msg=unhandled critical extension func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: 
Error: signature failed
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
= VERIFICATION CONTEXT
== Status: unknown
== flags: 0x00000018
== flags2: 0x00000000
== Id: "licRAN1001LK-pkisig-1"
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00004000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: rsa
==== keyType: 0x00000001
==== keyUsage: 0x00000002
==== keyBitsSize: 0
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: c14n-with-comments (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) 
=== Transform: membuf-transform (href=NULL)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Method:
=== Transform: rsa-sha1 (href= http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== SignedInfo References List:
=== list size: 1
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: "#licRAN1001LK"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000001
== flags2: 0x00000000
== enabled transforms: all
=== uri:
=== uri xpointer expr: #licRAN1001LK
=== Transform: Visa3DHackTransform (href=NULL)
=== Transform: c14n-with-comments (href= http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1 <http://www.w3.org/2000/09/xmldsig#sha1>) 
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== Manifest References List:
=== list size: 0
Error: failed to verify file "D0185601.XML"
octeon:/opt/xmlsec_openssl/bin#
On 4/9/07, *Aleksey Sanin* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: 

    So easy :)

    Aleksey

    shuang chen wrote:
     > Thanks a lot, the problem solved, the machine date is not correct
    :-)
     >
     > On 4/9/07, *Aleksey Sanin* <[EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]>
     > <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote:
     >
     >      > error 9 at 1 depth lookup:certificate is not yet valid
     >
     >     Could you please check the date/time on this machine?
     >
     >     Aleksey
     >
     >
     >
     >



_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to