In the xmlSecOpenSSLX509StoreInitialize() function
(xmlsec/src/openssl/x509vfy.c file), change the code
as follows:
Index: x509vfy.c
===================================================================
--- x509vfy.c (revision 988)
+++ x509vfy.c (working copy)
@@ -638,7 +638,9 @@
path = xmlSecOpenSSLGetDefaultTrustedCertsFolder();
if(path != NULL) {
- if(!X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_PEM)) {
+ int ret = X509_LOOKUP_add_dir(lookup, (char*)path,
X509_FILETYPE_PEM);
+ if(!ret) {
+ printf("error: %s, %d\n", path, ret);
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"X509_LOOKUP_add_dir",
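Review bot: in the added printf line, ret can only be 0 inside the if(!ret) branch, so `printf("error: %s, %d\n", path, ret);` shows the folder path but always prints 0 and never the reason OpenSSL rejected it. To see the actual cause, drain the OpenSSL error queue at this point, for example with ERR_print_errors_fp(stderr) or ERR_get_error() plus ERR_error_string(). Also write the diagnostic to stderr rather than stdout so it stays with the xmlSecError output, and cast path for the %s argument the same way it is cast for X509_LOOKUP_add_dir.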
This will print the actual folder path and the returned OpenSSL
error.
Aleksey
Wolf Noble wrote:
Hi guys,
I’ve googled extensively, removed clumps of hair, sacrificed a small
chicken, recompiled xmlsec a few times, reinstalled openssl rpms... To
no avail.
Here’s my setup:
In testing, I’m running CentOS, with the openssl 0.9.7a rpm installed and
xmlsec 1.2.11 compiled from source.
In production, I’m running RHEL, with openssl 0.9.7a and openssl-devel
0.9.7a rpms installed, xmlsec 1.2.11 compiled from source.
In testing, xmlsec works fine.
In production, attempting to run xmlsec results in the following:
[EMAIL PROTECTED] foo]# xmlsec1 --sign --privkey-pem dsaprivkey.pem --pubkey-der
dsapubkey.der --output foo.xml in.xml
func=xmlSecOpenSSLX509StoreInitialize:file=x509vfy.c:line=651:obj=x509-store:subj=X509_LOOKUP_add_dir:error=4:crypto
library function failed:
func=xmlSecKeyDataStoreCreate:file=keysdata.c:line=1328:obj=x509-store:subj=id->initialize:error=1:xmlsec
library function failed:
func=xmlSecOpenSSLKeysMngrInit:file=crypto.c:line=313:obj=unknown:subj=xmlSecKeyDataStoreCreate:error=1:xmlsec
library function failed:xmlSecOpenSSLX509StoreId
func=xmlSecOpenSSLAppDefaultKeysMngrInit:file=app.c:line=1270:obj=unknown:subj=xmlSecOpenSSLKeysMngrInit:error=1:xmlsec
library function failed:
Error: failed to initialize keys manager.
Error: keys manager creation failed
Several posts on the web have stated this to be “something wrong with
the openssl certs dir”.
But /usr/share/ssl exists, and I don’t see anything wrong with it.
I’ve not seen anyone’s solutions to the problem, just a vague pointer to
something wrong.
Can anyone help shed a little light on what I’m missing? I’ve got to get
this working today.
Thanks much in advance. Your pointers are appreciated.
-Wolf
------------------------------------------------------------------------
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec