Hi Aleksey,

My signature.xml file has two certificates; one is the end certificate and
the other is the intermediate CA.
In the intermediate certificate the "CA" field is also true. Could this be
the root cause of the problem?

Attaching the intermediate CA pem file

Thanks for your help.

Regards,
Ashish


On Thu, Jun 4, 2009 at 8:21 PM, Aleksey Sanin <[email protected]> wrote:

> This error means that xmlsec can't build the certs chain for some reason.
>
> Aleksey
>
> Ashish Agrawal wrote:
>
>> Hi Aleksey,
>>
>> I have a problem where I have a root CA and two certificates in the chain.
>> When I try to verify the chain using openssl it works:
>> openssl verify -CAfile root.pem EE.pem
>> but when I try to verify using xmlsec it fails with the error:
>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
>> library function failed:subj=/C=CN/ST=BJ/O=JIL/OU=JIL/CN=JIL EE
>> demo;err=20;msg=unable to get local issuer certificate
>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
>> verification failed:err=20;msg=unable to get local issuer certificate
>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=884:obj=unknown:subj=unknown:error=45:key
>> is not found:
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=578:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=379:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
>> library function failed:
>> Error: signature failed
>> ERROR
>> SignedInfo References (ok/all): 6/6
>> Manifests References (ok/all): 0/0
>>
>>
>> Does xmlsec impose any additional constraints on the certificate validation,
>> and if yes, what are they?
>>
>> Regards,
>> Ashish
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> [email protected]
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>

Attachment: int.pem
Description: Binary data
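
Added example, not part of the original thread and not xmlsec's own code: a small Python triage helper that parses the xmlsec error stack quoted above and pulls out the OpenSSL verify code and the certificate subject it was reported for. The frame layout is inferred from the quoted log lines, and the function names `parse_stack` and `root_cause` are hypothetical.

```python
import re

# Constructed sample: the first three frames of the error stack quoted in the
# message above, with the e-mail line wrapping re-joined.
SAMPLE = (
    "func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:"
    "subj=X509_verify_cert:error=4:crypto library function failed:"
    "subj=/C=CN/ST=BJ/O=JIL/OU=JIL/CN=JIL EE demo;err=20;"
    "msg=unable to get local issuer certificate\n"
    "func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:"
    "subj=unknown:error=71:certificate verification failed:"
    "err=20;msg=unable to get local issuer certificate\n"
    "func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:"
    "subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:\n"
)

# Frame layout as it appears in the quoted log (an assumption drawn from it).
FRAME = re.compile(
    r"^func=(?P<func>[^:]+):file=(?P<file>[^:]+):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]+):subj=(?P<subj>[^:]+):error=(?P<error>\d+):"
    r"(?P<reason>[^:]*):(?P<detail>.*)$")

# A few OpenSSL X509_V_ERR_* codes relevant to chain building.
X509_V = {2: "UNABLE_TO_GET_ISSUER_CERT", 18: "DEPTH_ZERO_SELF_SIGNED_CERT",
          19: "SELF_SIGNED_CERT_IN_CHAIN", 20: "UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
          21: "UNABLE_TO_VERIFY_LEAF_SIGNATURE", 24: "INVALID_CA"}

def parse_stack(text):
    """Turn each recognisable log line into a dict; skip everything else."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            f = m.groupdict()
            # The trailing part is ';'-separated key=value pairs, possibly empty.
            f["detail"] = dict(p.split("=", 1) for p in f["detail"].split(";") if "=" in p)
            frames.append(f)
    return frames

def root_cause(frames):
    """Summarise the first frame that carries an OpenSSL verify code."""
    for f in frames:
        d = f["detail"]
        if "err" in d:
            code = int(d["err"])
            return {"where": f"{f['file']}:{f['line']}", "x509_err": code,
                    "x509_name": X509_V.get(code, "unknown"),
                    "cert_subject": d.get("subj"), "msg": d.get("msg")}
    return None

if __name__ == "__main__":
    print(root_cause(parse_stack(SAMPLE)))
```
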
