hello, When I used the command line, I got the result which seems ok. xmlsec1 --verify --trusted-pem ca.pem --id-attr:AssertionID saml:Assertion assertion.xml OK SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0
Is there some hint? Thanks a lot Weizhong Qiang On 7/15/08, Aleksey Sanin <[EMAIL PROTECTED]> wrote: > Try to reproduce the problem using xmlsec1 command line tool > > Aleksey > > > wz qiang wrote: > > hello, > > I knew it is a openssl problem. :) > > But the strange thing is that the same certificate and ca certificate > > works well when I use tls. > > SSL_CTX_load_verify_locations(sslctx_, ca_file_.c_str(), > NULL) > > > > So I would know whether there is something wrong when I use xmlsec. > > > > Thanks > > Weizhong Qiang > > > > On 7/15/08, Aleksey Sanin <[EMAIL PROTECTED]> wrote: > > > > > > http://www.mail-archive.com/[EMAIL PROTECTED]/msg45532.html > > > > > > wz qiang wrote: > > > > > > > hi all, > > > > I am doing some signature verification test with trusted certificates. > > > > I used > > > > > > > > "xmlSecCryptoAppKeysMngrCertLoad(keys_mngr, > > > ca_file, > > > > > > > xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)" to load the ca > > > > certificate into keymanager, there is <X509Data/> under > > > > <Signature><KeyInfo/></Signature>. > > > > > > > > But when I verify the signature (xmlSecDSigCtxVerify), I get the > > > > following error. The ca certificate is exactly the one which sign the > > > > certificate under <X509Data/>. > > > > And I also tried to use > > > > xmlSecOpenSSLAppKeysMngrAddCertsFile(keys_mngr, > cafile) > > > > > > > to load the > > > > > > > ca ceriticate, and got the same error. > > > > Could somebody give some hint about sloving this problem? > > > > > > > > > > > > > > > > func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto > > > > > > > library function > > > > > failed:subj=/C=NO/ST=Oslo/O=UiO/CN=test;err=20;msg=unable > > > > > > > to get local > > > > > > > issuer certificate > > > > > > > > > > > > func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate > > > > > > > verification failed:err=20;msg=unable to get local issuer certificate > > > > > > > > > > > > func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec > > > > > > > library function failed: > > > > > > > > > > > > func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key > > > > > > > is not found: > > > > > > > > > > > > func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec > > > > > > > library function failed: > > > > > > > > > > > > func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec > > > > > > > library function failed: > > > > Signature verification failed for saml:assertion > > > > > > > > Thanks in advance > > > > Weizhong Qiang > > > > _______________________________________________ > > > > xmlsec mailing list > > > > [email protected] > > > > http://www.aleksey.com/mailman/listinfo/xmlsec > > > > > > > > > > > > > _______________________________________________ > > xmlsec mailing list > > [email protected] > > http://www.aleksey.com/mailman/listinfo/xmlsec > > > _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
