[xmlsec] Signature Verification Problem Using X509 Certificates

Paul Keeler keelerp at googlemail.com
Thu Feb 21 11:42:11 PST 2008


Still no success I'm afraid.  I'm starting to think that the only option I'm
left with is to (within my application) manually parse the signed document
and add all of the certificates to the untrusted store.

Failing that I suppose I can get serious and debug xmlsec to see what's
going on.

Thanks again for your ideas - and do keep them coming whilst your patience
persists :)

On Thu, Feb 21, 2008 at 3:21 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:

>
>
> > My understanding (which may be flawed!) is that the following output
> > represents a single unique chain:
>
> Yes, this is a single chain :) Next idea, could you try to remove
> the self-signed (root) certificate from the signature and just
> supply it as the parameter to xmlsec command line utility?
> I can see how openssl can be confused if it this certificate in
> two places.
>
> Aleksey
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20080221/f1e69087/attachment-0002.htm


More information about the xmlsec mailing list