Hi, Thanks. I had misunderstood a concept. Now it works fine.
One more question: In this case I know the start and end date of the certificate. What if I dont know the expiry date of the certificate? Then, how can I bypass expiry date checking of certificates? Will *XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS* flag be of any help? The available documentation on xmlsec says "if the flag is set then we'll skip strict checking of certs and CRLs" . What parameters of a certificate are skipped if we use this flag? If there is no way to handle it in xmlsec, Any pointers to alternate solutions(maybe openssl) would be of great help.. Thanks and Regards, Mahendra Naik 2010/11/22 Aleksey Sanin <[email protected]> > Try > > --verification-time "2010-11-12 20:45:34" > > > On 11/22/10 2:37 AM, mahendra N wrote: > >> Hi , >> I have tried the folowing command >> >> xmlsec1 --verify --id-attr:Id LicenceData --verification-time >> "2010-12-12 20:45:34" --trusted-pem root_kuc.pem license.xml >> >> license.xml is signed by root_kuc.pem, which expires on 2010-12-02. >> >> I get the following error: >> >> >> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto >> library function failed:subj=/C=US/ST=Newyork/O=Company/OU=BI/CN=Company >> Licence Generator ILG;err=10;msg=certificate has expired >> >> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=400:obj=x509-store:subj=unknown:error=76:certificate >> has expirred:err=10;msg=certificate has expired >> >> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec >> library function failed: >> >> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key >> is not found: >> >> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec >> library function failed: >> >> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec >> library function failed: >> Error: signature failed >> ERROR >> SignedInfo References (ok/all): 1/1 >> Manifests References (ok/all): 0/0 >> Error: failed to verify file "license.xml" >> >> Thanks and Regards, >> Mahendra Naik >> >> 2010/11/22 mahendra N <[email protected] >> <mailto:[email protected]>> >> >> >> Hi, >> >> I want to verify a file, signed with a digital certificate which >> has expired. Is there a way in xmlsec to skip the checking of expiry >> date of certificates, and only check for the keys? >> >> >> Thanks and Regards, >> Mahendra Naik >> >> >> >> >> _______________________________________________ >> xmlsec mailing list >> [email protected] >> http://www.aleksey.com/mailman/listinfo/xmlsec >> >
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
