Re: [xmlsec] KeyInfo node X509Data gets emptied when singing with xmlsec1

Tue, 08 Mar 2011 08:17:26 -0800 

OK, I've seen this before. Someone reported a very similar problem
on Mac OS X. I recall the issue was related to different OpenSSL
version (compilation/linking vs execution).

Aleksey


On 3/7/11 11:43 PM, Markus Wernig wrote:

Hi Aleksey

I had tried that before. No joy, same result.

As a by-note: The same template file that produces the error on Linux
with xmlsec1 1.2.16 gets signed, X509Certificate populated and all, when
signing it with xmlsec1 v. 1.2.11 on 32 bit OpenBSD. (The only odd thing
being an extra newline that gets inserted before the node
<X509Certificate>  :-)

kind regards
Markus

On 03/07/2011 09:41 PM, Aleksey Sanin wrote:

Try

<SignatureValue>
</SignatureValue>
<KeyInfo>
   <X509Data>
   </X509Data>
</KeyInfo>


Aleksey


On 3/7/11 3:49 AM, Markus Wernig wrote:

Hi all

I have a problem with xmlsec1 1.2.16 (openssl), compiled on 32 bit
Gentoo Linux (from portage, i.e. source).

When signing an XML document that contains a template section for the
X509Data of the signing certificate, the node gets cleared and an empty
newline is inserted instead for every subnode. The signature process
overall succeeds without any messages.

I am using this command:
xmlsec1 --sign --pkcs12 certs/xmlsig-test.p12 --pwd testme --output
tmpl-signed.xml tmpl-sign.xml.
I have verified that the PKCS12 file contains both certificate and
private key.

I have also tried any combination of --X509-skip-strict-checks,
--privkey-[pem|der], --pubkey-[pem|der], after extracting the cert and
key from the .p12. The result remains the same: valid signature, but
X509Data does not get populated (regardless of whether the signing CA
certificate is present or not)

This is the section in question:

Template:
[...]
<SignatureValue>
</SignatureValue>
<KeyInfo>
    <X509Data>
      <X509Certificate>
      </X509Certificate>
    </X509Data>
</KeyInfo>
[...]

Result:
[...]
<SignatureValue>FRBI01gzAf................</SignatureValue>
<KeyInfo>
    <X509Data>

    </X509Data>
</KeyInfo>
[...]

I would be very grateful for any help, as I am still very new to xmlsec.

Thanks and kind regards

Markus
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to