I've tried this on the command line already. If I add all of the certificates as untrusted (--untrusted pem), and obviously still use the trusted root (--trusted-pem), then xmlsec verifies the signature perfectly with no spurious errors.
Thank you for taking an interest though. On Thu, Feb 21, 2008 at 8:18 PM, Roumen Petrov <[EMAIL PROTECTED]> wrote: > Paul Keeler wrote: > > Still no success I'm afraid. I'm starting to think that the only option > I'm > > left with is to (within my application) manually parse the signed > document > > and add all of the certificates to the untrusted store. > > > > [SNIP] > The valid path must begin with certificates issued by a trust anchor. > So if whole certificate chain is in untrusted store certificate cannot > be validated. > > > Roumen > >
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
