Nope. This flag is about self-signed certs, etc. You can load the cert and get the dates from it. Or you can patch xmlsec and disable this check (I would advise against it but this is your code).

Aleksey

On 11/23/10 1:47 AM, mahendra N wrote:
Hi,

Thanks. I had misunderstood a concept. Now it works fine.

One more question: In this case I know the start and end date of the certificate. What if I don't know the expiry date of the certificate? Then, how can I bypass expiry date checking of certificates?

Will the XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS flag be of any help? The available documentation on xmlsec says "if the flag is set then we'll skip strict checking of certs and CRLs". What parameters of a certificate are skipped if we use this flag?

If there is no way to handle it in xmlsec, any pointers to alternate solutions (maybe openssl) would be of great help.

Thanks and Regards,
Mahendra Naik

2010/11/22 Aleksey Sanin <[email protected]>

Try --verification-time "2010-11-12 20:45:34"

On 11/22/10 2:37 AM, mahendra N wrote:

Hi,

I have tried the following command:

xmlsec1 --verify --id-attr:Id LicenceData --verification-time "2010-12-12 20:45:34" --trusted-pem root_kuc.pem license.xml

license.xml is signed by root_kuc.pem, which expires on 2010-12-02.

I get the following error:

func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=US/ST=Newyork/O=Company/OU=BI/CN=Company Licence Generator ILG;err=10;msg=certificate has expired
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=400:obj=x509-store:subj=unknown:error=76:certificate has expirred:err=10;msg=certificate has expired
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "license.xml"

Thanks and Regards,
Mahendra Naik

2010/11/22 mahendra N <[email protected]>

Hi,

I want to verify a file, signed with a digital certificate which has expired. Is there a way in xmlsec to skip the checking of expiry date of certificates, and only check for the keys?

Thanks and Regards,
Mahendra Naik

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
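The two suggestions in this thread (read the dates from the certificate, then pass --verification-time) combined into one check, as an added example that is not part of the original messages or of xmlsec. The helper names, the `signed_at` input (a signing time taken from a source you trust), the constructed sample dates and the TZ=UTC handling are assumptions.

```python
import os
import subprocess
from datetime import datetime

OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"  # date format printed by `openssl x509 -dates`
XMLSEC_FMT = "%Y-%m-%d %H:%M:%S"       # format passed to --verification-time in the thread


def parse_validity(dates_output):
    """Return (not_before, not_after) from `openssl x509 -noout -dates` output."""
    fields = dict(line.split("=", 1) for line in dates_output.strip().splitlines())
    return (datetime.strptime(fields["notBefore"], OPENSSL_FMT),
            datetime.strptime(fields["notAfter"], OPENSSL_FMT))


def verification_time(dates_output, signed_at):
    """Format signed_at for xmlsec1; refuse a time outside the validity window."""
    not_before, not_after = parse_validity(dates_output)
    if not not_before <= signed_at <= not_after:
        raise ValueError("signing time %s is outside certificate validity %s .. %s"
                         % (signed_at, not_before, not_after))
    return signed_at.strftime(XMLSEC_FMT)


def verify(xml_path, cert_path, signed_at):
    """Verify xml_path as of signed_at (UTC). Needs openssl and xmlsec1 installed."""
    dates = subprocess.run(
        ["openssl", "x509", "-noout", "-dates", "-in", cert_path],
        check=True, capture_output=True, text=True).stdout
    when = verification_time(dates, signed_at)
    # Assumption: xmlsec1 reads --verification-time as local time, so the
    # child process runs with TZ=UTC to match the GMT dates from openssl.
    env = dict(os.environ, TZ="UTC")
    cmd = ["xmlsec1", "--verify", "--id-attr:Id", "LicenceData",
           "--verification-time", when, "--trusted-pem", cert_path, xml_path]
    return subprocess.run(cmd, env=env).returncode == 0


# Constructed sample: only the 2010-12-02 expiry date comes from the thread.
SAMPLE_DATES = ("notBefore=Dec  2 10:00:00 2009 GMT\n"
                "notAfter=Dec  2 10:00:00 2010 GMT\n")
```

Calling `verify("license.xml", "root_kuc.pem", datetime(2010, 11, 12, 20, 45, 34))` runs the command from the thread with a time inside the window; a signing time after expiry raises `ValueError` before xmlsec1 is invoked.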
