Hi Aleksey, Taking pointers from this mail thred: http://www.aleksey.com/pipermail/xmlsec/2008/008300.html
I also tried extracting the intermediate CA cert from my signed file and give it as a untrusted input, still the verification fails. xmlsec1 --verify --trusted-pem Root.pem --untrusted-pem .pem signa ture.xml Regards, Ashish On Thu, Jun 4, 2009 at 8:25 PM, Ashish Agrawal <[email protected]> wrote: > Hi Aleksey, > > My signature.xml file has two certificate, one is the end certificate and > the other is the intermediate CA. > In the intermediate certificate also the "CA" field is true .Could this be > the root cause of the problem. > > Attaching the intermediate CA pem file > > Thanks for ur help. > > Regards, > Ashish > > > > On Thu, Jun 4, 2009 at 8:21 PM, Aleksey Sanin <[email protected]> wrote: > >> This error means that xmlsec can't build certs chain for some reasons. >> >> Aleksey >> >> Ashish Agrawal wrote: >> >>> Hi Aleksey, >>> >>> I ve a problem where i v a root CA and and two certificates in the chain, >>> when i try to verify the chain using openssl it works : >>> openssl verify -CAfile root.pem EE.pem >>> but when i to to verify using xmlsec it fails with the error : >>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto >>> library function failed:subj=/C=CN/ST=BJ/O=JIL/OU=JIL/CN=JIL EE >>> demo;err=20;msg=unable to get local issuer certificate >>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate >>> verification failed:err=20;msg=unable to get local issuer certificate >>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec >>> library function failed: >>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=884:obj=unknown:subj=unknown:error=45:key >>> is not found: >>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=578:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec >>> library function failed: >>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=379:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec >>> library function failed: >>> Error: signature failed >>> ERROR >>> SignedInfo References (ok/all): 6/6 >>> Manifests References (ok/all): 0/0 >>> >>> >>> Does xmlsec imposes ny additional constraint on the certificate >>> validation and if yes what are they ? >>> >>> Regards, >>> Ashish >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> xmlsec mailing list >>> [email protected] >>> http://www.aleksey.com/mailman/listinfo/xmlsec >>> >> >
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
