Re: [xmlsec] Verifying signature with embedded x509 cert

Tue, 04 Dec 2007 07:30:35 -0800 

Try this one then xmlSecOpenSSLAppKeyCertLoadMemory()

Aleksey

Jim Nutt wrote:
No joy. It refuses to load the key. The irony is that I can use the xmlsec utility and pass it the name of the temp file I create with the key and it will load and verify. It just won't do it in my program. Here's the errors I'm seeing:
func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=260:obj=unknown:subj=d2i_PrivateKey_bio and d2i_PUBKEY_bio:error=4:crypto library function failed: func=xmlSecOpenSSLAppKeyLoadMemory:file=app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
The signature will verify with the xmlsec utility if I pass it the cert, just not from my program. My next step is to reduce things to the bare essentials and try again
On Dec 4, 2007 2:03 AM, Aleksey Sanin <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: 

    xmlSecOpenSSLAppKeyLoadMemory() ???

    Aleksey

    Jim Nutt wrote:
     > Ok, I'm pulling my hair out on this one. I'm trying to verify an xml
     > signature based on the x509 certificate embedded in the keyinfo
    and I
     > can not get it to work. If I verify using the same pem file I
    used for
     > signing, it verifies ok, so I know the signature is valid. The
    problem
     > is getting it to validate without going to the original pem file.
    I've
     > tried the straight forward method of letting xmlSecDSigVerify
    load the
     > key, but it can't find the key in signature. I've even tried
    writing the
     > base64 data to a file (bracketed with -----BEGIN CERTIFICATE-----
    and
     > -----END CERTIFICATE-----) and then loading that file as the
     > certificate. It refuses to read the file. And yes, I know the
    file is a
     > valid pem file because openssl x509 -in filename -text reads it
    just fine.
     >
     > Any suggestions would be greatly appreciated, as I'm on a time
    crunch on
     > this (now... wasn't when I started... *sigh*)
     >
     > --
     > Jim Nutt
     > http://jim.nuttz.org <http://jim.nuttz.org>
     >
     >
     >
    ------------------------------------------------------------------------
     >
     > _______________________________________________
     > xmlsec mailing list
     > [email protected] <mailto:[email protected]>
     > http://www.aleksey.com/mailman/listinfo/xmlsec
    <http://www.aleksey.com/mailman/listinfo/xmlsec>




--
Jim Nutt
http://jim.nuttz.org

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to