[xmlsec] Skipping certificate expiry checks in xmlsec 1.2.12

Aleksey Sanin aleksey at aleksey.com
Mon Nov 22 07:29:03 PST 2010 

Try

--verification-time "2010-11-12 20:45:34"

On 11/22/10 2:37 AM, mahendra N wrote:
> Hi ,
>     I have tried the folowing command
>
>    xmlsec1 --verify --id-attr:Id LicenceData --verification-time
> "2010-12-12 20:45:34" --trusted-pem root_kuc.pem license.xml
>
> license.xml is signed by root_kuc.pem, which expires on 2010-12-02.
>
> I get the following error:
>
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
> library function failed:subj=/C=US/ST=Newyork/O=Company/OU=BI/CN=Company
> Licence Generator ILG;err=10;msg=certificate has expired
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=400:obj=x509-store:subj=unknown:error=76:certificate
> has expirred:err=10;msg=certificate has expired
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed:
> Error: signature failed
> ERROR
> SignedInfo References (ok/all): 1/1
> Manifests References (ok/all): 0/0
> Error: failed to verify file "license.xml"
>
> Thanks and Regards,
> Mahendra Naik
>
> 2010/11/22 mahendra N <mahendra0203 at gmail.com
> <mailto:mahendra0203 at gmail.com>>
>
>     Hi,
>
>         I want to verify a file, signed with a digital certificate which
>     has expired. Is there a way in xmlsec to skip the checking of expiry
>     date of certificates, and only check for the keys?
>
>
>     Thanks and Regards,
>     Mahendra Naik
>
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list