[xmlsec] Error: unable to get local issuer certificate
wz qiang
weizhongqiang at gmail.com
Tue Jul 15 13:42:54 PDT 2008
hello,
When I used the command line, I got the result which seems ok.
xmlsec1 --verify --trusted-pem ca.pem --id-attr:AssertionID
saml:Assertion assertion.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Is there some hint?
Thanks a lot
Weizhong Qiang
On 7/15/08, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Try to reproduce the problem using xmlsec1 command line tool
>
> Aleksey
>
>
> wz qiang wrote:
> > hello,
> > I knew it is a openssl problem. :)
> > But the strange thing is that the same certificate and ca certificate
> > works well when I use tls.
> > SSL_CTX_load_verify_locations(sslctx_, ca_file_.c_str(),
> NULL)
> >
> > So I would know whether there is something wrong when I use xmlsec.
> >
> > Thanks
> > Weizhong Qiang
> >
> > On 7/15/08, Aleksey Sanin <aleksey at aleksey.com> wrote:
> >
> > >
> http://www.mail-archive.com/openssl-users@openssl.org/msg45532.html
> > >
> > > wz qiang wrote:
> > >
> > > > hi all,
> > > > I am doing some signature verification test with trusted certificates.
> > > > I used
> > > >
> > >
> "xmlSecCryptoAppKeysMngrCertLoad(keys_mngr,
> > > ca_file,
> > >
> > > > xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)" to load the ca
> > > > certificate into keymanager, there is <X509Data/> under
> > > > <Signature><KeyInfo/></Signature>.
> > > >
> > > > But when I verify the signature (xmlSecDSigCtxVerify), I get the
> > > > following error. The ca certificate is exactly the one which sign the
> > > > certificate under <X509Data/>.
> > > > And I also tried to use
> > > > xmlSecOpenSSLAppKeysMngrAddCertsFile(keys_mngr,
> cafile)
> > > >
> > > to load the
> > >
> > > > ca ceriticate, and got the same error.
> > > > Could somebody give some hint about sloving this problem?
> > > >
> > > >
> > > >
> > >
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
> > >
> > > > library function
> > > >
> failed:subj=/C=NO/ST=Oslo/O=UiO/CN=test;err=20;msg=unable
> > > >
> > > to get local
> > >
> > > > issuer certificate
> > > >
> > > >
> > >
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
> > >
> > > > verification failed:err=20;msg=unable to get local issuer certificate
> > > >
> > > >
> > >
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> > >
> > > > library function failed:
> > > >
> > > >
> > >
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> > >
> > > > is not found:
> > > >
> > > >
> > >
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> > >
> > > > library function failed:
> > > >
> > > >
> > >
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> > >
> > > > library function failed:
> > > > Signature verification failed for saml:assertion
> > > >
> > > > Thanks in advance
> > > > Weizhong Qiang
> > > > _______________________________________________
> > > > xmlsec mailing list
> > > > xmlsec at aleksey.com
> > > > http://www.aleksey.com/mailman/listinfo/xmlsec
> > > >
> > > >
> > >
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
> >
>
More information about the xmlsec
mailing list