Aleksey,

The cert is in the cert/ folder, but I got the error below:

[jabber@localhost xmlsec-demo]$ ./verify1 example/sample-res.xml cert/cicert.pem
func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=263:obj=unknown:subj=PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:error=4:crypto library function failed:
func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=153:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:filename=cert/cicert.pem;errno=0
Error: failed to load public pem key from "cert/cicert.pem"

-Jeffrey

On 5/22/13 12:17 PM, "Aleksey Sanin" <[email protected]> wrote:

>If you set the key in xmldsigctx then it will never get there anyway.
>
>Otherwise, check enabledKeyData in xmlSecKeyInfoCtx (there are examples
>in the xmlsec1 command line tool source code)
>
>Aleksey
>
>On 5/21/13 9:14 PM, Jeffrey Jin (jefjin) wrote:
>> Thanks, Aleksey, for the quick response. I will try it.
>> I have another question: how do I disable certificate validation in
>> xmlsec?
>>
>> On 5/22/13 12:10 PM, "Aleksey Sanin" <[email protected]> wrote:
>>
>>> If you know the public key in advance then you can set it in xmlDsigCtx
>>>
>>> Aleksey
>>>
>>> On 5/21/13 9:02 PM, Jeffrey Jin (jefjin) wrote:
>>>> Hi All,
>>>>
>>>> We are using XMLSec to handle XML signature and encryption in the SAML 1.0
>>>> and 2.0 protocols. We pre-configure the configuration data, such as the
>>>> IDP certificate, using metadata. So even if the response includes
>>>> "KeyInfo/X509Data", we will ignore it and use the local pre-configured
>>>> certificate to verify it, and we assume the SP totally trusts this
>>>> certificate. So we also won't use a CA certificate to verify the
>>>> pre-configured certificate's legitimacy.
>>>>
>>>> I dug into the code and found:
>>>>
>>>> /* ignore <dsig:KeyInfo /> if there is the key is already set */
>>>> /* todo: throw an error if key is set and node != NULL? */
>>>> if((dsigCtx->signKey == NULL) && (dsigCtx->keyInfoReadCtx.keysMngr != NULL)
>>>>         && (dsigCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
>>>>     dsigCtx->signKey = (dsigCtx->keyInfoReadCtx.keysMngr->getKey)(node,
>>>>                             &(dsigCtx->keyInfoReadCtx));
>>>> }
>>>>
>>>> Does it mean I need to set dsigCtx->signKey? And what's the meaning of
>>>> dsigCtx->signKey? Is it the private key from the IDP? (We can never get the
>>>> private key from the IDP.) How can I meet this requirement with xmlsec?
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Jeffrey
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> [email protected]
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>
>>
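
Added example, not part of the original thread or of xmlsec's code: the log above shows PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY both rejecting cert/cicert.pem, and those OpenSSL readers parse bare keys, not CERTIFICATE blocks. Assuming the file holds an X.509 certificate, this stand-alone C check reads the PEM label and reports which xmlSecKeyDataFormat value the loader needs; pem_kind, pem_classify and pem_classify_file are names made up for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper types; the comments name xmlsec's xmlSecKeyDataFormat
 * values, but this sketch does not link against xmlsec or OpenSSL. */
typedef enum {
    PEM_NONE = 0,   /* no PEM armor found */
    PEM_KEY,        /* bare key: xmlSecKeyDataFormatPem */
    PEM_CERT,       /* X.509 certificate: xmlSecKeyDataFormatCertPem */
    PEM_OTHER       /* some other PEM object (CSR, RSA PUBLIC KEY, ...) */
} pem_kind;

/* Classify the first "-----BEGIN <label>-----" line found in a text buffer. */
pem_kind pem_classify(const char *text) {
    static const char begin[] = "-----BEGIN ";
    const char *p = strstr(text, begin), *end;
    size_t n;
    if (p == NULL) return PEM_NONE;
    p += sizeof(begin) - 1;
    end = strstr(p, "-----");
    if (end == NULL) return PEM_NONE;
    n = (size_t)(end - p);
    if (n == 11 && memcmp(p, "CERTIFICATE", 11) == 0) return PEM_CERT;
    if (n == 10 && memcmp(p, "PUBLIC KEY", 10) == 0) return PEM_KEY;
    /* matches "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", ... */
    if (n >= 11 && memcmp(end - 11, "PRIVATE KEY", 11) == 0) return PEM_KEY;
    return PEM_OTHER;
}

/* Read up to 8 KiB of a file and classify it; unreadable files give PEM_NONE. */
pem_kind pem_classify_file(const char *path) {
    char buf[8192];
    size_t n;
    FILE *f = fopen(path, "r");
    if (f == NULL) return PEM_NONE;
    n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    return pem_classify(buf);
}

int main(int argc, char **argv) {
    static const char *advice[] = {
        "no PEM block found",
        "bare key: load with xmlSecKeyDataFormatPem",
        "certificate: load with xmlSecKeyDataFormatCertPem",
        "other PEM object: not loadable as a key or certificate here" };
    if (argc != 2) { fprintf(stderr, "usage: %s file.pem\n", argv[0]); return 2; }
    puts(advice[pem_classify_file(argv[1])]);
    return 0;
}
```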
