hello, I knew it is a openssl problem. :) But the strange thing is that the same certificate and ca certificate works well when I use tls. SSL_CTX_load_verify_locations(sslctx_, ca_file_.c_str(), NULL)
So I would know whether there is something wrong when I use xmlsec. Thanks Weizhong Qiang On 7/15/08, Aleksey Sanin <[EMAIL PROTECTED]> wrote: > http://www.mail-archive.com/[EMAIL PROTECTED]/msg45532.html > > wz qiang wrote: > > > > hi all, > > I am doing some signature verification test with trusted certificates. > > I used > "xmlSecCryptoAppKeysMngrCertLoad(keys_mngr, > ca_file, > > xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)" to load the ca > > certificate into keymanager, there is <X509Data/> under > > <Signature><KeyInfo/></Signature>. > > > > But when I verify the signature (xmlSecDSigCtxVerify), I get the > > following error. The ca certificate is exactly the one which sign the > > certificate under <X509Data/>. > > And I also tried to use > > xmlSecOpenSSLAppKeysMngrAddCertsFile(keys_mngr, cafile) > to load the > > ca ceriticate, and got the same error. > > Could somebody give some hint about sloving this problem? > > > > > func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto > > library function > > failed:subj=/C=NO/ST=Oslo/O=UiO/CN=test;err=20;msg=unable > to get local > > issuer certificate > > > func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate > > verification failed:err=20;msg=unable to get local issuer certificate > > > func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec > > library function failed: > > > func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key > > is not found: > > > func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec > > library function failed: > > > func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec > > library function failed: > > Signature verification failed for saml:assertion > > > > Thanks in advance > > Weizhong Qiang > > _______________________________________________ > > xmlsec mailing list > > [email protected] > > http://www.aleksey.com/mailman/listinfo/xmlsec > > > _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
