[xmlsec] Verify signature after certificate expired

Moultrie, Ferrell (ISSAtlanta) FMoultrie at iss.net
Fri Oct 11 11:53:28 PDT 2002


Aleksey:
  Please excuse me for being a CVS newbie, but I can see your checkin in
the CVS browser, but when I attempt to retrieve it:
cvs -z3 update -Pd xmlsec
... it updated only errors.h from yesterday's pull. Is there something
else that I need to do to get the latest checkin?
Thanks!
  Ferrell

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Friday, October 11, 2002 12:30 PM
To: Aleksey Sanin
Cc: Moultrie, Ferrell (ISSAtlanta); xmlsec at aleksey.com
Subject: Re: [xmlsec] Verify signature after certificate expired


I've removed strptime() usage and switched to your code completely :)
Thanks!
As you've requested, I've added additional errors for the cert verification
and, for example, when a cert has expired the errors stack now looks as follows:
   
[aleksey]> ../apps/xmlsec verify --trusted ../tests/keys/cacert.pem --allowed x509 ../tests/aleksey-xmldsig-01/enveloping-expired-cert.xml
xmlSecX509StoreVerify (x509.c:1084): error 46: cert has expired : error=10 (certificate has expired)
xmlSecX509DataNodeRead (keyinfo.c:1196): error 41: cert verification failed :
xmlSecKeysMngrGetKey (keys.c:518): error 17: key not found :
xmlSecSignedInfoRead (xmldsig.c:1437): error 17: key not found :
xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec operation failed : xmlSecSignedInfoRead - -1
xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec operation failed : xmlSecSignatureRead - -1
Error: operation failed
ERROR


Aleksey.


Aleksey Sanin wrote:

> Thanks for the patch! I'll take a look at it later today. Of course,
> you have the information about the reason why verification failed.
> I'll try to add the code to xmlsec to expose this information to the
> application.
>
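
An added example, not part of the thread and not xmlsec code: a Python sketch that parses the error stack printed above, rejoins the lines the mail client wrapped, and reports whether the first frame is the expired-certificate error. The frame layout and code 46 are taken from this output only and are assumed, not guaranteed, for other xmlsec versions; the names `parse_stack` and `root_cause` are hypothetical.

```python
import re

# Frame layout as printed in the message: func (file:line): error CODE: msg : detail
HEAD = re.compile(r"^\w+ \([\w.]+:\d+\): error \d+:")
FRAME = re.compile(r"^(?P<func>\w+) \((?P<file>[\w.]+):(?P<line>\d+)\): "
                   r"error (?P<code>\d+): (?P<msg>.*?) :\s*(?P<detail>.*)$")

# Constructed sample: the output from the message (last frame omitted),
# kept with the mail client's line wrapping.
SAMPLE = """\
xmlSecX509StoreVerify (x509.c:1084): error 46: cert has expired :
error=10 (certificate has expired)
xmlSecX509DataNodeRead (keyinfo.c:1196): error 41: cert verification
failed :
xmlSecKeysMngrGetKey (keys.c:518): error 17: key not found :
xmlSecSignedInfoRead (xmldsig.c:1437): error 17: key not found :
xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec operation failed :

xmlSecSignedInfoRead - -1
Error: operation failed
ERROR
"""

def parse_stack(text):
    """Return frames in printed order, rejoining wrapped lines."""
    joined = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == "ERROR" or line.startswith("Error:"):
            continue  # blank lines and the CLI's final status lines
        if HEAD.match(line):
            joined.append(line)
        elif joined:
            joined[-1] += " " + line  # continuation of a wrapped frame
    frames = []
    for line in joined:
        m = FRAME.match(line)
        if m:
            frames.append({**m.groupdict(), "code": int(m["code"])})
    return frames

def root_cause(text):
    """First printed frame is where the failure started (as in the sample)."""
    frames = parse_stack(text)
    if not frames:
        return None
    first = frames[0]
    # 46 is the code shown in the message; 10 is OpenSSL's X509_V_ERR_CERT_HAS_EXPIRED.
    expired = first["code"] == 46 and first["detail"].startswith("error=10 ")
    return {"func": first["func"], "code": first["code"], "expired": expired}
```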
