[xmlsec] X509Data sub-element detail ?
aleksey at aleksey.com
Wed Aug 6 22:04:47 PDT 2003
>xmlsec sign --pkcs12 keys/EdSign.p12 --output inout/edsigned1.xml
>... This in the template works ...
>... This in the template does not ...
The second template should work if you are using xmlsec-openssl 1.1.0 or
from CVS trunk. If you have correct version and it does not work then
it's probably a bug
somewhere. I would appreciate if you can file a bug report and provide
as much details
as possible (xmlsec version + crypto, os, templates you are using,
pkcs12 file if possible).
>Where is the additional X509 detail extracted from ? I tried adding:
>... to the command line to no avail.
This has nothing to do with it. "--trusted-*" options tells xmlsec which
certs are trusted
when it verifies signature. XMLSec gets certificates from the key. In
you case, from PKCS12 file.
BTW, do you have a cert in this file?
>I'd also like to include other X509 info like issuer, valid from, valid to,
>cert serial number, etc ...
This goes outside the scope of XMLDSig specification . All this
information is available
inside the cert itself and you can include full certificate using
More information about the xmlsec