[xmlsec] Verification succeeds without CA certificates

Asbjørn Oskal asbjorn.oskal at welldiagnostics.com
Wed Sep 7 10:26:42 PDT 2005

I have a little problem verifying xml signatures.
The problem is that it just don't care about CA certificates.
I only set the   
m_dsigCtx->signKey = xmlSecCryptoAppKeyLoad(tmpfile.c_str(),
xmlSecKeyDataFormatCertPem, NULL, NULL, NULL);
and the verification returns xmlSecDSigStatusSucceeded.
But I thought I had to add the CA certificates that has issued the signing
certificate for the verification to succeed.
This is also what I have done but then I got this bad feeling that the CAs I
added with 
xmlSecCryptoAppKeysMngrCertLoad(m_keysMngr, tmpfile.c_str(),
xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)
was not taken into account.

I tried verifying without adding any CAs. And it worked.
Of course I want the verification to fail if the signKey can not be
verified. I.e the process cannot find the CAs
What am I doing wrong?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3667 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20050907/99ed81a1/smime-0002.bin

More information about the xmlsec mailing list