Helo List,
I am trying to get XMLSEC to verify a signature, and it seems to result in an openssl error that will not trust the brazilian chain of certification... This is the command and result: ######### Command begins: $ export LD_LIBRARY_PATH=/opt/local/lib; ./xmlsec1 --verify --id-attr:Id infNFe --trusted-pem /Library/certs/USINA.pem /Users/bernardo/Desktop/teste.xml func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=BR/O=ICP-Brasil/OU=Autoridade Certificadora SERPROACF/OU=PRONOVA/OU=Pessoa Juridica A1/L=QUEIMADOS/ST=RJ/CN=USINA BRASILEIRA DE CRISTOBALITA LTDA:73264202000114;err=20;msg=unable to get local issuer certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: Error: signature failed ERROR SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 Error: failed to verify file "/Users/bernardo/Desktop/teste.xml" ############## Command ends I have read in openssl.org page that I could tell openssl to trust a chain of certificates using the option "-CApath directory", but I have no idea how to pass this option in the above XMLSEC command. I apreciate any help, Thanks, Bernardo Höhl Rio de Janeiro - Brazil _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
