[xmlsec] Error: unable to get local issuer certificate
wz qiang
weizhongqiang at gmail.com
Tue Jul 15 05:33:53 PDT 2008
hi all,
I am doing some signature verification test with trusted certificates.
I used "xmlSecCryptoAppKeysMngrCertLoad(keys_mngr, ca_file,
xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)" to load the ca
certificate into keymanager, there is <X509Data/> under
<Signature><KeyInfo/></Signature>.
But when I verify the signature (xmlSecDSigCtxVerify), I get the
following error. The ca certificate is exactly the one which sign the
certificate under <X509Data/>.
And I also tried to use
xmlSecOpenSSLAppKeysMngrAddCertsFile(keys_mngr, cafile) to load the
ca ceriticate, and got the same error.
Could somebody give some hint about sloving this problem?
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
library function
failed:subj=/C=NO/ST=Oslo/O=UiO/CN=test;err=20;msg=unable to get local
issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
verification failed:err=20;msg=unable to get local issuer certificate
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed:
Signature verification failed for saml:assertion
Thanks in advance
Weizhong Qiang
More information about the xmlsec
mailing list