[xmlsec] RE: Need urgent help for verify

ed.shallow at rogers.com ed.shallow at rogers.com
Wed May 31 08:49:41 PDT 2006

Hi Jurgen,
Do you have a dsig:KeyName specified ? Take out this element manually and re-verify. I have seen this also. However I do not get a crash. I believe that on a Verify if both X509Certificate is present and KeyName is present, xmlsec still tries to retrieve the certificate from the KeyMngr which will then go on to the Microsoft CryptoStore if not found in the KeysMngr. 
I would wager, but Alexsey is the expert, that it might be a good idea to ignore the KeyName if an X509Certificate is present when Verifying. After all the reason it got there in the first place is that it was used to select the cert/key when you originally signed it with xmlsec and is left over from the sign operation. It will verify fine if you manually remove the KeyName. Comments Alexsey ? 

----- Original Message ----
From: Aleksey Sanin <aleksey at aleksey.com>
To: Jürgen Heiss <jheiss at Mesonic.com>
Cc: xmlsec at aleksey.com
Sent: Wednesday, May 31, 2006 11:23:21 AM
Subject: Re: [xmlsec] RE: Need urgent help for verify

No. Please, provide the stack trace for the crash.


Jürgen Heiss wrote:
> Does really now one have any idea? 
> Hi,
> I use the following code to verify a signed file.
> The problem is now, the xmlSecDSigCtxVerify crahses if the certificate 
> isn't installed on my machine!?!
> How can I check this file? Can I excract the certificate and load it 
> into a xmlSecKeysMngrPtr?
> thanks for any help.
> <some code> 
>  if(xmlSecDSigCtxInitialize(&dsigCtx, gKeysMngr) < 0)
>   return (V_INTERNAL);
>  if(xmlSecAppPrepareDSigCtx(&dsigCtx) < 0)
>  {
>   xmlSecDSigCtxFinalize(&dsigCtx);
>   return V_INTERNAL;
>  }
>  /* parse template and select start node */
>  data = xmlSecAppXmlDataCreate(filename, xmlSecNodeSignature, xmlSecDSigNs);
>  if(data == NULL)
>  {
>   xmlSecDSigCtxFinalize(&dsigCtx);
>   if(data != NULL)
>    xmlSecAppXmlDataDestroy(data);
>   return V_INTERNAL;
>  }
>  /* sign */
>  start_time = clock();
>  if(xmlSecDSigCtxVerify(&dsigCtx, data->startNode) < 0)
> ------------------------------------------------------------------------
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
xmlsec mailing list
xmlsec at aleksey.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20060531/3fff97ac/attachment.htm

More information about the xmlsec mailing list