[xmlsec] Turning off cert verification

dnorrell at gmx.net dnorrell at gmx.net
Wed Aug 29 09:19:57 PDT 2007


Hello,

I'm trying to load a key from a KeyInfo node via xmlSecKeyInfoNodeRead. However, I need to be able to load self-signed certificates, and whenever I do this, I get an error (self signed certificate) from OpenSSL. I've looked at setting the XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS flag on the key info ctx; however, looking at the following bit of code in xmlsec, it looks like if you set this flag, then the key never gets extracted at all. The calling function never gets access to the key data, so I don't see how this can help.

    if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
        ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
        if(ret < 0) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                        "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(-1);
        }
    }

Has anyone managed to do this, and am I doing something obviously wrong here?

Thanks, David
