[xmlsec] Skipping certificate expiry checks in xmlsec 1.2.12

mahendra N mahendra0203 at gmail.com
Mon Nov 22 02:37:11 PST 2010


Hi,
   I have tried the following command

  xmlsec1 --verify --id-attr:Id LicenceData --verification-time "2010-12-12 20:45:34" --trusted-pem root_kuc.pem license.xml

license.xml is signed by root_kuc.pem, which expires on 2010-12-02.

I get the following error:

func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=US/ST=Newyork/O=Company/OU=BI/CN=Company Licence Generator ILG;err=10;msg=certificate has expired
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=400:obj=x509-store:subj=unknown:error=76:certificate has expirred:err=10;msg=certificate has expired
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=unknown:error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "license.xml"

Thanks and Regards,
Mahendra Naik

2010/11/22 mahendra N <mahendra0203 at gmail.com>

> Hi,
>
>    I want to verify a file, signed with a digital certificate which has
> expired. Is there a way in xmlsec to skip the checking of expiry date of
> certificates, and only check for the keys?
>
>
> Thanks and Regards,
> Mahendra Naik
>
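
The error stack in the message above is easier to read once each frame is split into its fields. The following is an added example, not part of the original post and not xmlsec project code: it rejoins mail-wrapped lines, parses the func/file/line/obj/subj/error layout visible in the log, and reports the innermost failure. The sample is constructed from three of the posted frames, and stopping at the first "Error:" line is an assumption about where the stack ends.

```python
import re

# Constructed sample: three frames of the posted error stack, wrapped the
# way the mail archive wrapped them, followed by the CLI summary line.
SAMPLE = """\
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
library function failed:subj=/C=US/ST=Newyork/O=Company/OU=BI/CN=Company
Licence Generator ILG;err=10;msg=certificate has expired
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
is not found:
Error: signature failed
"""

# Field layout as it appears in the log; msg and detail may be empty.
FRAME = re.compile(
    r"func=(?P<func>[^:]*):file=(?P<file>[^:]*):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<error>\d+):"
    r"(?P<msg>[^:]*):(?P<detail>.*)"
)

def parse_frames(text):
    """Rejoin wrapped lines and return one dict per error frame."""
    records = []
    for line in text.splitlines():
        if line.startswith("Error:"):        # assumption: summary starts here
            break
        if line.startswith("func="):
            records.append(line)
        elif records and line.strip():       # continuation of a wrapped frame
            records[-1] += " " + line.strip()
    frames = []
    for rec in records:
        m = FRAME.fullmatch(rec)
        if m:
            frame = m.groupdict()
            frame["line"], frame["error"] = int(frame["line"]), int(frame["error"])
            frames.append(frame)
    return frames

def root_cause(frames):
    """The first frame logged is the innermost failure; the rest are callers."""
    first = frames[0]
    m = re.search(r"err=(\d+);msg=(.*)", first["detail"])
    verify = (int(m.group(1)), m.group(2)) if m else None
    return first["func"], first["msg"], verify

if __name__ == "__main__":
    print(root_cause(parse_frames(SAMPLE)))
```

Read this way, the "key is not found" and "signature failed" frames are consequences of the first frame, where the certificate check fails at the requested verification time.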