[xmlsec] LAst try with x509

Chris McQueen chris at dctransform.com
Wed Jun 13 15:28:03 PDT 2007


If anyone is willing to do some paid contract work on my xmlsec-based
project, Please email me if you are interested. 

I hate to give up when I am so close :(

I am back to trying the xmlsec command line utility to achieve the desired
result.  The following command outputs everything I need *except* the
<X509IssuerSerial> block (X509IssuerName and X509SerialNumber).

xmlsec1 --sign --id-attr:id Body --privkey-pem tfprivkey.crt,tfpubkey.crt
tfunsigned.xml > tfsigned.xml

What is so frustrating is that when I add the --store-signatures option, it
actually displays the serial and name! They just do not make it into the
signed file.

Also, when I try to verify the result using the following command:

xmlsec1 --verify --id-attr:id Body --pubkey-cert-pem tfpubkey.crt
tfsigned.xml

it returns the following errors:

func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:sub
j=X509_verify_cert:error=4:crypto library function
failed:subj=/C=US/ST=MS/L=Jackson/O=DC Forms
LLC/OU=Transform/CN=www.dctransform.com;err=18;msg=self signed certificate

func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:sub
j=unknown:error=71:certificate verification failed:err=18;msg=self signed
certificate

Any last suggestions would be greatly appreciated.

Regards,

Chris McQueen




More information about the xmlsec mailing list