[xmlsec] LAst try with x509

Chris McQueen chris at dctransform.com
Wed Jun 13 16:55:57 PDT 2007


I had a hunch that I may have messed up the creation of my keys and certs,
so... I went back and re-generated my public cert using the openssl
-set_serial option, and now I get *no errors* when signing or verifying
using the xmlsec command line utility!

However, it still does not populate the <X509IssuerSerial> node and
sub-nodes, only the X509Certificate node.

Is this simply not possible to do using the command line tool alone?

Chris McQueen

-----Original Message-----
From: Chris McQueen [mailto:chris at dctransform.com] 
Sent: Wednesday, June 13, 2007 5:51 PM
To: 'xmlsec at aleksey.com'
Subject: RE: [xmlsec] LAst try with x509


xmlsec1 --verify --id-attr:id Body --trusted-pem tfpubkey.crt tfsigned.xml

returns:

func=xmlSecOpenSSLX509FindCert:file=x509vfy.c:line=776:obj=unknown:subj=BN_d
ec2bn:error=4:crypto library function failed:
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0


Chris McQueen

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Wednesday, June 13, 2007 5:31 PM
To: chris at dctransform.com
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] LAst try with x509



> xmlsec1 --verify --id-attr:id Body --pubkey-cert-pem tfpubkey.crt
> tfsigned.xml
> 
> it returns the following errors:
> 

Replace "--pubkey-cert-pem" with "--trusted-pem"

Aleksey



More information about the xmlsec mailing list