Well, I haven't seen your code so I have no idea what is wrong
with it. You can take a look at what xmlsec command does and
then do copy/paste.
Aleksey
wz qiang wrote:
hello,
When I used the command line, I got the result which seems ok.
xmlsec1 --verify --trusted-pem ca.pem --id-attr:AssertionID
saml:Assertion assertion.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Is there some hint?
Thanks a lot
Weizhong Qiang
On 7/15/08, Aleksey Sanin <[EMAIL PROTECTED]> wrote:
Try to reproduce the problem using xmlsec1 command line tool
Aleksey
wz qiang wrote:
hello,
I knew it is a openssl problem. :)
But the strange thing is that the same certificate and ca certificate
works well when I use tls.
SSL_CTX_load_verify_locations(sslctx_, ca_file_.c_str(),
NULL)
So I would know whether there is something wrong when I use xmlsec.
Thanks
Weizhong Qiang
On 7/15/08, Aleksey Sanin <[EMAIL PROTECTED]> wrote:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg45532.html
wz qiang wrote:
hi all,
I am doing some signature verification test with trusted certificates.
I used
"xmlSecCryptoAppKeysMngrCertLoad(keys_mngr,
ca_file,
xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)" to load the ca
certificate into keymanager, there is <X509Data/> under
<Signature><KeyInfo/></Signature>.
But when I verify the signature (xmlSecDSigCtxVerify), I get the
following error. The ca certificate is exactly the one which sign the
certificate under <X509Data/>.
And I also tried to use
xmlSecOpenSSLAppKeysMngrAddCertsFile(keys_mngr,
cafile)
to load the
ca ceriticate, and got the same error.
Could somebody give some hint about sloving this problem?
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
library function
failed:subj=/C=NO/ST=Oslo/O=UiO/CN=test;err=20;msg=unable
to get local
issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
verification failed:err=20;msg=unable to get local issuer certificate
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed:
Signature verification failed for saml:assertion
Thanks in advance
Weizhong Qiang
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
