[xmlsec] Verify signature after certificate expired
Moultrie, Ferrell (ISSAtlanta)
FMoultrie at iss.net
Fri Oct 11 14:12:54 PDT 2002
Thanks! I've built and integrated it and it appears to be working just
fine. I've got some more date testing to do once I can get my test
system to quit being cranky -- but it looks good from the command line
and with general operations. Thanks for all your help!
Ferrell
-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com]
Sent: Friday, October 11, 2002 3:08 PM
To: Moultrie, Ferrell (ISSAtlanta)
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Verify signature after certificate expired
Hm.. I just pulled out the fresh copy from CVS and the changes are
there.
I have only one idea: you are using anonymous CVS access and it takes
some time to propagate the checkins from real Gnome CVS server to the
anonymous one. Most likely there were a lot of checkins this morning or
some kind of GNOME new version was released. Or may be these "push"
system simply do not work.
I forced a snapshot creation and it should be there:
ftp://ftp.aleksey.com/pub/xmlsec/snapshots/xmlsec-021011.1.tar.gz
Please let me know if something is wrong.
Aleksey
Moultrie, Ferrell (ISSAtlanta) wrote:
>Aleksey:
> Please excuse me for being a CVS newbie but I can see your checkin in
>the CVS browser but when I attempt to retrieve them:
>cvs -z3 update -Pd xmlsec
>... it updated only errors.h from yesterday's pull. Is there something
>else that I need to do to get the latest checkin?
>Thanks!
> Ferrell
>
>-----Original Message-----
>From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>Sent: Friday, October 11, 2002 12:30 PM
>To: Aleksey Sanin
>Cc: Moultrie, Ferrell (ISSAtlanta); xmlsec at aleksey.com
>Subject: Re: [xmlsec] Verify signature after certificate expired
>
>
>I've removed strptime() usage and switched to your code completelly :)
> Thanks!
>As you've requested, I've added additional errors for the cert
>verification and,
>for example, when cert has expired errors stack looks now as follows:
>
>[aleksey]> ../apps/xmlsec verify --trusted ../tests/keys/cacert.pem
>--allowed x509 ../tests/aleksey-xmldsig-01/enveloping-expired-cert.xml
>xmlSecX509StoreVerify (x509.c:1084): error 46: cert has expired :
>error=10 (certificate has expired)
>xmlSecX509DataNodeRead (keyinfo.c:1196): error 41: cert verification
>failed :
>xmlSecKeysMngrGetKey (keys.c:518): error 17: key not found :
>xmlSecSignedInfoRead (xmldsig.c:1437): error 17: key not found :
>xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec operation failed
:
>
>xmlSecSignedInfoRead - -1
>xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec operation failed :
>xmlSecSignatureRead - -1
>Error: operation failed
>ERROR
>
>
>Aleksey.
>
>
>Aleksey Sanin wrote:
>
>
>
>>Thanks for the patch! I'll take a look at it later today. Of course,
>>you have the information
>>about the reason why verification failed. I'll try to add the code to
>>xmlsec to expose
>>this information to the application.
>>
>>
>>
>
>
>_______________________________________________
>xmlsec mailing list
>xmlsec at aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
More information about the xmlsec
mailing list