[xmlsec] a problem about transplant xmlsec lib to mips64 platform

Aleksey Sanin aleksey at aleksey.com
Tue Apr 10 09:06:29 PDT 2007 

Unrelated to id attribute :) The error is in openssl again.
Some extension is not supported.

Aleksey

shuang chen wrote:
> Hi Aleksey
>  
> another problem to bother you,
>  
> my application need use the id-attribute, so I just run the xml-cmd line 
> tools, I was success run it on Linux Pc, but failed on mips64 platform, 
> it seems the problem comes from openssl, I hope you can still give me 
> some suggestion, thanks
>  
> octeon:/opt/xmlsec_openssl/bin# *./xmlsec1 --verify --id-attr:Id 
> LicenceData --store-signatures --enable-visa3d-hack --trusted-pem 
> root.crt --X509-skip-strict-checks D0185601.XML
> *func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto 
> library function failed:subj=/C=FI/O=Nokia/CN=Nokia NET Licence 
> Generator ILG;err=34;msg=unhandled critical extension
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate 
> verification failed:err=34;msg=unhandled critical extension
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec 
> library function failed:
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key 
> is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec 
> library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec 
> library function failed:
> Error: signature failed
> ERROR
> SignedInfo References (ok/all): 1/1
> Manifests References (ok/all): 0/0
> = VERIFICATION CONTEXT
> == Status: unknown
> == flags: 0x00000018
> == flags2: 0x00000000
> == Id: "licRAN1001LK-pkisig-1"
> == Key Info Read Ctx:
> = KEY INFO READ CONTEXT
> == flags: 0x00004000
> == flags2: 0x00000000
> == enabled key data: all
> == RetrievalMethod level (cur/max): 0/1
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> == EncryptedKey level (cur/max): 0/1
> === KeyReq:
> ==== keyId: rsa
> ==== keyType: 0x00000001
> ==== keyUsage: 0x00000002
> ==== keyBitsSize: 0
> === list size: 0
> == Key Info Write Ctx:
> = KEY INFO WRITE CONTEXT
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled key data: all
> == RetrievalMethod level (cur/max): 0/1
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> == EncryptedKey level (cur/max): 0/1
> === KeyReq:
> ==== keyId: NULL
> ==== keyType: 0x00000001
> ==== keyUsage: 0xffffffff
> ==== keyBitsSize: 0
> === list size: 0
> == Signature Transform Ctx:
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> === Transform: c14n-with-comments 
> (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments)
> === Transform: membuf-transform (href=NULL)
> === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
> == Signature Method:
> === Transform: rsa-sha1 (href= http://www.w3.org/2000/09/xmldsig#rsa-sha1)
> == SignedInfo References List:
> === list size: 1
> = REFERENCE VERIFICATION CONTEXT
> == Status: succeeded
> == URI: "#licRAN1001LK"
> == Reference Transform Ctx:
> == TRANSFORMS CTX (status=2)
> == flags: 0x00000001
> == flags2: 0x00000000
> == enabled transforms: all
> === uri:
> === uri xpointer expr: #licRAN1001LK
> === Transform: Visa3DHackTransform (href=NULL)
> === Transform: c14n-with-comments (href= 
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments)
> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1 
> <http://www.w3.org/2000/09/xmldsig#sha1>)
> === Transform: membuf-transform (href=NULL)
> == Digest Method:
> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
> == Manifest References List:
> === list size: 0
> Error: failed to verify file "D0185601.XML"
> octeon:/opt/xmlsec_openssl/bin#
> 
> 
>  
> On 4/9/07, *Aleksey Sanin* <aleksey at aleksey.com 
> <mailto:aleksey at aleksey.com>> wrote:
> 
>     So easy :)
> 
>     Aleksey
> 
>     shuang chen wrote:
>      > Thanks a lot, the problem solved, the machine date is not correct
>     :-)
>      >
>      > On 4/9/07, *Aleksey Sanin* <aleksey at aleksey.com
>     <mailto:aleksey at aleksey.com>
>      > <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
>      >
>      >      > error 9 at 1 depth lookup:certificate is not yet valid
>      >
>      >     Could you please check the date/time on this machine?
>      >
>      >     Aleksey
>      >
>      >
>      >
>      >
> 
>

More information about the xmlsec mailing list