No joy. It refuses to load the key. The irony is that I can use the xmlsec utility and pass it the name of the temp file I create with the key and it will load and verify. It just won't do it in my program. Here's the errors I'm seeing:
func=xmlSecOpenSSLAppKeyLoadBIO:file= app.c:line=260:obj=unknown:subj=d2i_PrivateKey_bio and d2i_PUBKEY_bio:error=4:crypto library function failed: func=xmlSecOpenSSLAppKeyLoadMemory:file= app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlseclibrary function failed: func=xmlSecDSigCtxProcessKeyInfoNode:file= xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecDSigCtxProcessSignatureNode:file= xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlseclibrary function failed: func=xmlSecDSigCtxVerify:file= xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlseclibrary function failed: The signature will verify with the xmlsec utility if I pass it the cert, just not from my program. My next step is to reduce things to the bare essentials and try again On Dec 4, 2007 2:03 AM, Aleksey Sanin <[EMAIL PROTECTED]> wrote: > xmlSecOpenSSLAppKeyLoadMemory() ??? > > Aleksey > > Jim Nutt wrote: > > Ok, I'm pulling my hair out on this one. I'm trying to verify an xml > > signature based on the x509 certificate embedded in the keyinfo and I > > can not get it to work. If I verify using the same pem file I used for > > signing, it verifies ok, so I know the signature is valid. The problem > > is getting it to validate without going to the original pem file. I've > > tried the straight forward method of letting xmlSecDSigVerify load the > > key, but it can't find the key in signature. I've even tried writing the > > base64 data to a file (bracketed with -----BEGIN CERTIFICATE----- and > > -----END CERTIFICATE-----) and then loading that file as the > > certificate. It refuses to read the file. And yes, I know the file is a > > valid pem file because openssl x509 -in filename -text reads it just > fine. > > > > Any suggestions would be greatly appreciated, as I'm on a time crunch on > > this (now... wasn't when I started... *sigh*) > > > > -- > > Jim Nutt > > http://jim.nuttz.org <http://jim.nuttz.org> > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > xmlsec mailing list > > [email protected] > > http://www.aleksey.com/mailman/listinfo/xmlsec > -- Jim Nutt http://jim.nuttz.org
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
