[xmlsec] Verification and X509Certificate elements
Aleksey Sanin
aleksey at aleksey.com
Wed Dec 11 08:24:32 PST 2002
You need to tell the xmlsec library which certs are "trusted". It's not
enough
to just place all the certs (including root CA cert) in the
<X509Certificate>
because certs not only give you a key but also establish a "trust".
Use "--trusted" option for xmlsec command line utility or
xmlSecX509StoreLoadPemCert()
function in your code.
Aleksey
Asbjørn Oskal wrote:
> Hi!
>
> I have added <X509Certificate> elements to a signature (both the
> signers certificate and
> the corresponding CA certificate).
>
> Will these automatically be used in the verification process? I
> thought they would, but verification failed so I just wanted to check.
>
> :)
More information about the xmlsec
mailing list