Yes, it will get a key from the certificate! You need a trusted certificate (e.g. root CA certificate) to have the certificate in the signature verified.
Aleksey Jim Nutt wrote:
Ok, a bit more info. The xmlsec utility will verify the signature without being passed the pem file separately, so it apparently is able to suck the key from the signature. I'm trying to create a minimal size code set that demonstrates the problem, I'll post that when I have it.
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
