[xmlsec] Signature Verification Problem Using X509 Certificates
Roumen Petrov
xmlsec at roumenpetrov.info
Sat Feb 23 09:29:53 PST 2008
Aleksey Sanin wrote:
>> Aleksey did presence of self signed root certificate in document
>> violate standard ?
>
> Not really. And I already suggested that and it seems the situation
> did not improve.
>
> Aleksey
>
The error 1) "unable to get local issuer certificate" is very specific
(note word local).
It is different from 2) "unable to get issuer certificate".
If trusted root is not in store the usual error is 3) "self signed
certificate in certificate chain" but Paul case is different.
May be test case aleksey-xmldsig-01/enveloping-rsa-x509chain will raise
same message if root certificate is with
basicConstraints=critical,CA:TRUE,pathlen:3 ?
Roumen
More information about the xmlsec
mailing list