Hi Aleksey! I'm trying to develop a simple license system using the xmlsec library. My idea was to build a simple private PKI with one CA key pair and a separate key pair for each customer. Then I planned to sign an XML license file with the client certificate for each client.
I decided to embed the CA certificate in our app and verify the certificate chain from the XML file up to the CA certificate. But I have a problem with the xmlsec library. I can't find how to verify the full certificate chain with it. I used the example from here http://www.aleksey.com/xmlsec/api/xmlsec-verify-with-x509.html and I have a problem when the certificate chain is invalid. I got this error on the console:

func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=UA/ST=Kyiv region/L=Kyiv/O=test/OU=test/CN=server1/emailAddress=s
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0

but the verification result dsigCtx->status has the value xmlSecDSigStatusSucceeded. Can you tell me how I can verify that the certificate chain is invalid with the xmlsec API?
