[xmlsec] Signature Verification Problem Using X509 Certificates

Paul Keeler keelerp at googlemail.com
Thu Feb 21 12:38:20 PST 2008


I've tried this on the command line already. If I add all of the
certificates as untrusted (--untrusted-pem), and obviously still use the
trusted root (--trusted-pem), then xmlsec verifies the signature perfectly
with no spurious errors.

Thank you for taking an interest though.

On Thu, Feb 21, 2008 at 8:18 PM, Roumen Petrov <xmlsec at roumenpetrov.info>
wrote:

> Paul Keeler wrote:
> > Still no success I'm afraid.  I'm starting to think that the only option I'm
> > left with is to (within my application) manually parse the signed document
> > and add all of the certificates to the untrusted store.
> >
> > [SNIP]
> The valid path must begin with certificates issued by a trust anchor.
> So if the whole certificate chain is in the untrusted store, the
> certificate cannot be validated.
>
>
> Roumen
>
>
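
Added example (not part of the original thread and not xmlsec code): the trusted/untrusted rule discussed above, shown with `openssl verify` on a constructed root, intermediate and leaf chain. The file names, CNs and function names are made up for the demo, and `openssl verify` is used here as a stand-in for the certificate check xmlsec performs.

```shell
#!/bin/sh
# Added demo: constructed chain root -> int -> leaf; all names are made up.
q() { "$@" >/dev/null 2>&1; }   # run a command quietly, keep its exit status

build_chain() {   # $1 = empty work directory
  ( cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    for n in root int leaf; do
      q openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
        -out "$n.csr" -subj "/CN=Demo $n" || exit 1
    done
    # Self-signed root: the only certificate meant to be a trust anchor.
    q openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
      -days 1 -out root.pem || exit 1
    # Intermediate CA issued by the root.
    q openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
      -CAcreateserial -extfile ca.ext -days 1 -out int.pem || exit 1
    # End-entity certificate issued by the intermediate.
    q openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key \
      -CAcreateserial -days 1 -out leaf.pem || exit 1
    cat int.pem root.pem > all.pem )
}

# Root trusted, intermediate untrusted: the path ends at a trust anchor.
verify_with_anchor() {
  q openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem"
}
# Whole chain, root included, only untrusted: nothing anchors the path.
verify_untrusted_only() {
  q openssl verify -no-CAfile -no-CApath -untrusted "$1/all.pem" "$1/leaf.pem"
}
# Root trusted but intermediate not supplied: the path cannot be built.
verify_missing_intermediate() {
  q openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"
}

demo() {
  d=$(mktemp -d) || return 1
  build_chain "$d" || { rm -rf "$d"; return 1; }
  verify_with_anchor "$d" && echo "trusted root + untrusted intermediate: verified"
  verify_untrusted_only "$d" || echo "everything untrusted: rejected"
  verify_missing_intermediate "$d" || echo "intermediate missing: rejected"
  rm -rf "$d"
}
demo
```

The `-no-CAfile` and `-no-CApath` options need OpenSSL 1.1.0 or later; they keep the system default store out of the second check.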