Hi Aleksey,<br><br>I ve a problem where i v a root CA and and two certificates in the chain, when i try to verify the chain using openssl it works :<br>openssl verify -CAfile root.pem EE.pem <br><br>but when i to to verify using xmlsec it fails with the error :<br>
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=CN/ST=BJ/O=JIL/OU=JIL/CN=JIL EE demo;err=20;msg=unable to get local issuer certificate<br>
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate<br>func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: <br>
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=884:obj=unknown:subj=unknown:error=45:key is not found: <br>func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=578:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: <br>
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=379:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: <br>Error: signature failed <br>ERROR<br>SignedInfo References (ok/all): 6/6<br>Manifests References (ok/all): 0/0<br>
<br><br>Does xmlsec imposes ny additional constraint on the certificate validation and if yes what are they ?<br><br>Regards,<br>Ashish<br>