[xmlsec] Having problems getting xmlsec working: Error: failed to initialize keys manager. A little help?

[Aleksey Sanin]

In xmlSecOpenSSLX509StoreInitialize() function
(xmlsec/src/openssl/x509vfy.c file) change the code
as follows:

Index: x509vfy.c
===================================================================
--- x509vfy.c   (revision 988)
+++ x509vfy.c   (working copy)
@@ -638,7 +638,9 @@

      path = xmlSecOpenSSLGetDefaultTrustedCertsFolder();
      if(path != NULL) {
-       if(!X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_PEM)) {
+       int ret = X509_LOOKUP_add_dir(lookup, (char*)path, 
X509_FILETYPE_PEM);
+       if(!ret) {
+           printf("error: %s, %d\n", path, ret);
             xmlSecError(XMLSEC_ERRORS_HERE,
 
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
                     "X509_LOOKUP_add_dir",


This will print you the actual folder path and the returned openssl
error.

Aleksey

Wolf Noble wrote:
> Hi guys,
> 
> I’ve googled extensively, removed clumps of hair, sacrificed a small 
> chicken, recompiled xmlsec a few times, reinstalled openssl rpms... To 
> no avail.
> 
> Here’s my setup:
> 
> In testing, I’m running centos, with openssl 0.9.7a rpm installed, 
> xmlsec 1.2.11 compiled from source.
> 
> In production, I’m running RHEL, with openssl 0.9.7a and openssl-devel 
> 0.9.7a rpms installed, xmlsec 1.2.11 compiled from source.
> 
> In testing, xmlsec works fine.
> In production, attempting to run xmlsec results in the following:
> 
> root at www foo]#  xmlsec1 --sign --privkey-pem dsaprivkey.pem --pubkey-der 
> dsapubkey.der --output foo.xml in.xml
> func=xmlSecOpenSSLX509StoreInitialize:file=x509vfy.c:line=651:obj=x509-store:subj=X509_LOOKUP_add_dir:error=4:crypto 
> library function failed:
> func=xmlSecKeyDataStoreCreate:file=keysdata.c:line=1328:obj=x509-store:subj=id->initialize:error=1:xmlsec 
> library function failed:
> func=xmlSecOpenSSLKeysMngrInit:file=crypto.c:line=313:obj=unknown:subj=xmlSecKeyDataStoreCreate:error=1:xmlsec 
> library function failed:xmlSecOpenSSLX509StoreId
> func=xmlSecOpenSSLAppDefaultKeysMngrInit:file=app.c:line=1270:obj=unknown:subj=xmlSecOpenSSLKeysMngrInit:error=1:xmlsec 
> library function failed:
> Error: failed to initialize keys manager.
> Error: keys manager creation failed
> 
> 
> Several posts on the web have stated this to be “something wrong with 
> the openssl certs dir”
> But /usr/share/ssl exists, and I don’t see anything wrong with it.
> I’ve not seen anyone’s solutions to the problem, just a vague pointer to 
> something wrong.
> 
> Can anyone help shed a little light on what I’m missing? I’ve got to get 
> this working today.
> 
> Thanks much in advance. Your pointers are appreciated.
> 
> -Wolf
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec