Hi , I have tried the folowing command xmlsec1 --verify --id-attr:Id LicenceData --verification-time "2010-12-12 20:45:34" --trusted-pem root_kuc.pem license.xml
license.xml is signed by root_kuc.pem, which expires on 2010-12-02. I get the following error: func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=US/ST=Newyork/O=Company/OU=BI/CN=Company Licence Generator ILG;err=10;msg=certificate has expired func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=400:obj=x509-store:subj=unknown:error=76:certificate has expirred:err=10;msg=certificate has expired func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: Error: signature failed ERROR SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 Error: failed to verify file "license.xml" Thanks and Regards, Mahendra Naik 2010/11/22 mahendra N <[email protected]> > Hi, > > I want to verify a file, signed with a digital certificate which has > expired. Is there a way in xmlsec to skip the checking of expiry date of > certificates, and only check for the keys? > > > Thanks and Regards, > Mahendra Naik >
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
