[xmlsec] Signature Verification Problem Using X509 Certificates
Aleksey Sanin
aleksey at aleksey.com
Thu Feb 21 14:57:40 PST 2008
Mostly likely you need to debug openssl :) I'll try to take a look at
it over weekend but no promises....
Aleksey
Paul Keeler wrote:
> Still no success I'm afraid. I'm starting to think that the only option
> I'm left with is to (within my application) manually parse the signed
> document and add all of the certificates to the untrusted store.
>
> Failing that I suppose I can get serious and debug xmlsec to see what's
> going on.
>
> Thanks again for your ideas - and do keep them coming whilst your
> patience persists :)
>
> On Thu, Feb 21, 2008 at 3:21 PM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
>
>
>
> > My understanding (which may be flawed!) is that the following output
> > represents a single unique chain:
>
> Yes, this is a single chain :) Next idea, could you try to remove
> the self-signed (root) certificate from the signature and just
> supply it as the parameter to xmlsec command line utility?
> I can see how openssl can be confused if it this certificate in
> two places.
>
> Aleksey
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list