Paul Keeler wrote:
I've tried this on the command line already.  If I add all of the
certificates as untrusted (--untrusted-pem), and obviously still use the
trusted root (--trusted-pem), then xmlsec verifies the signature perfectly
with no spurious errors.

[SNIP]

This is a long e-mail thread and I lost the head.
A self-signed root certificate shouldn't go in the XML document:
chain: C1(root)->C2->C3->C4->C4
  C1 in trusted local store (command line or default openssl)
  C2->C3->C4->C4 in xml document

I think if the document is without C1, the error (warning) will disappear.

Paul, if C1 is not in the local trusted store, but all five are in the XML, did xmlsec validate the document?


Aleksey, does the presence of a self-signed root certificate in the document violate the standard?


Roumen
