If anyone is willing to do some paid contract work on my xmlsec-based project, Please email me if you are interested.
I hate to give up when I am so close :( I am back to trying the xmlsec command line utility to achieve the desired result. The following command outputs everything I need *except* the <X509IssuerSerial> block (X509IssuerName and X509SerialNumber). xmlsec1 --sign --id-attr:id Body --privkey-pem tfprivkey.crt,tfpubkey.crt tfunsigned.xml > tfsigned.xml What is so frustrating is that when I add the --store-signatures option, it actually displays the serial and name! They just do not make it into the signed file. Also, when I try to verify the result using the following command: xmlsec1 --verify --id-attr:id Body --pubkey-cert-pem tfpubkey.crt tfsigned.xml it returns the following errors: func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:sub j=X509_verify_cert:error=4:crypto library function failed:subj=/C=US/ST=MS/L=Jackson/O=DC Forms LLC/OU=Transform/CN=www.dctransform.com;err=18;msg=self signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:sub j=unknown:error=71:certificate verification failed:err=18;msg=self signed certificate Any last suggestions would be greatly appreciated. Regards, Chris McQueen _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
