[xmlsec] Re: [Bug 107003] Changed - xmlsec does not allow self-signed X509 certificates

Aleksey Sanin aleksey@aleksey.com
Wed, 26 Feb 2003 07:53:18 -0800 

This is a multi-part message in MIME format.
--------------050208010503010205090806
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

>
>
>When I run the following on the attached files, I get the error below:
>
>xmlsec sign --privkey DumpedKey.pem,DumpedCert.pem --output x1-sig.xml
>x1-sig-template.xml
>  
>
You have a minor problem in your templpate: you've had
empty <ds:X509Certificate/> element in <ds:X509Data/>
element and this caused Base64 error you've seen :)
Removing it solved all the problems and the command above
succeded (see attached file).

>So not knowing exactly what was wrong I stored the X500 cert in the template
>and ran the following:
>
>xmlsec sign --privkey DumpedKey.pem,DumpedCert.pem --output x1-sig.xml
>x2-sig-template.xml
>
xmlSecX509StoreVerify (..\src\x509.c:1090): error 41: cert verification
failed : error=18 (self signed certificate)
xmlSecX509DataNodeRead (..\src\keyinfo.c:1196): error 41: cert verification
failed :

You've stored certificate in the template and xmlsec decided
that it needs to read it. And the cert verification failed because
there were no "root" certificate.


I prefer to discuss xmlsec questions in the xmlsec mailing list
so this message is copied to the list.

Aleksey

--------------050208010503010205090806
Content-Type: application/x-gzip;
 name="x1-sig-template.xml.gz"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="x1-sig-template.xml.gz"

H4sICLThXD4AA3gxLXNpZy10ZW1wbGF0ZS54bWwAnZFPb4IwGMbvfArCDp6gZc6DBDBGPZjF
C25m1wYqNMHWtGWwffqBBYHKkmXX533e5/f+8VfVJTc/MReE0WDmOnC2Cg3T9BPhHUlKkSw4
NmsPFV4iAiuT8uoBUJalU84dxlPwDCEEcAlqTyJI+mQ17X0ATvb0zJSm1A2ijJIY5eQbyZp6
wDJjibnOU8aJzC5TkLeo4bgg2m3sGmTH7gu1GwXO3YUV+uDX3CH5vtBfkPpeXCBbZMhtaVrW
EBPhM+aYxth8j/aBVblOnWF1DuXZkhQL+Z851Ax9GNDSpjgnlBc4HFiVYAwi7kO37wMT/xvd
8BYB+sIr/tI//bGAyy2SaAR6EFXvaKL2jsf1Y0GVDiwp8kIAXd9VV0YxlUA70ETUTR+LndTt
MX50aPwApgljui0DAAA=
--------------050208010503010205090806--