[xmlsec] FW: Cert Chain Validation 1.2.8 mscrypto
Edward Shallow
ed.shallow at rogers.com
Fri Jan 13 06:48:19 PST 2006
First post bounced ?
-----Original Message-----
From: Edward Shallow [mailto:ed.shallow at rogers.com]
Sent: January 13, 2006 9:34 AM
To: 'Aleksey Sanin'
Subject: Cert Chain Validation 1.2.8 mscrypto
Aleksey,
I think I might have something here ... This output looks very very close to yours ...
Since you didn't send me the entire stderr output, please comment on the attached.
I ran the same tests as you.
Note error messages ...
Error lines 3, 4, 5, and 6 only appear in the 1st run when trusted cert is NOT loaded, so the 45: key is not found must be the upu-cacert.der. This is good.
Error lines 3, 4, 5, and 6 do not appear in the 2nd run, also good.
What does appear in both runs are error lines 1 and 2 claiming something invalid (xmlSecMSCryptoCertStrToName) about the KeyName I suspect.
This threw me off. Did you ignore these 2 messages when reporting results to me?
The final OK SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 does look good.
Can error messages 1 and 2 be ignored?
Ed
1st Run Without trusted der loaded
**********************************
C:\XMLSec>xmlsec verify --crypto mscrypto inout/edsigned-enveloped.xml
1)
func=xmlSecMSCryptoX509FindCert:file=..\src\mscrypto\x509vfy.c:line=754:obj=unknown:subj=xmlSecMSCryptoCertStrToName:error=1:xmlsec library function failed: ;last error=-2146885597 (0x80092023);last error msg=The string contains an invalid X500 name attribute key, oid, value or delimiter.
2)
func=xmlSecMSCryptoX509FindCert:file=..\src\mscrypto\x509vfy.c:line=754:obj=unknown:subj=xmlSecMSCryptoCertStrToName:error=1:xmlsec library function failed: ;last error=-2146885597 (0x80092023);last error msg=The string contains an invalid X500 name attribute key, oid, value or delimiter.
3)
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
4)
func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
5)
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
6)
func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
Error: signature failed
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "inout/edsigned-enveloped.xml"
2nd Run With trusted der loaded
*******************************
C:\XMLSec>xmlsec.bat
C:\XMLSec>xmlsec verify --crypto mscrypto --trusted-der keys/upu-cacert.der inout/edsigned-enveloped.xml
1)
func=xmlSecMSCryptoX509FindCert:file=..\src\mscrypto\x509vfy.c:line=754:obj=unknown:subj=xmlSecMSCryptoCertStrToName:error=1:xmlsec library function failed: ;last error=-2146885597 (0x80092023);last error msg=The string contains an invalid X500 name attribute key, oid, value or delimiter.
2)
func=xmlSecMSCryptoX509FindCert:file=..\src\mscrypto\x509vfy.c:line=754:obj=unknown:subj=xmlSecMSCryptoCertStrToName:error=1:xmlsec library function failed: ;last error=-2146885597 (0x80092023);last error msg=The string contains an invalid X500 name attribute key, oid, value or delimiter.
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
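Added example (not part of the original message, and not xmlsec code): the by-hand comparison of the two runs above, done in Python. It parses xmlsec error records, converts the signed "last error" value to the hex HRESULT printed beside it, and reports which records occur in both runs and which only in the run without --trusted-der. The sample records are rebuilt from the output above with the trailing "last error msg" text trimmed; all helper names are assumptions of this example.

```python
import re
from collections import Counter

# Field layout of one xmlsec error record, as printed in the output above.
RECORD = re.compile(
    r"func=(?P<func>[^:]+):file=[^:]+:line=\d+:obj=[^:]*:subj=(?P<subj>[^:]*):"
    r"error=(?P<error>\d+):.*?;last error=(?P<last>-?\d+)")

def parse(stderr_text):
    """Return (func, subj, xmlsec error, HRESULT as hex) for each record."""
    records = []
    for m in RECORD.finditer(stderr_text):
        hresult = int(m["last"]) & 0xFFFFFFFF  # signed 32-bit -> unsigned
        records.append((m["func"], m["subj"], int(m["error"]), f"0x{hresult:08X}"))
    return records

def compare_runs(run_a, run_b):
    """Return (records in both runs, records only in run_a), keeping duplicates."""
    a, b = Counter(parse(run_a)), Counter(parse(run_b))
    return sorted((a & b).elements()), sorted((a - b).elements())

# Sample input rebuilt from the two runs above (one record per line).
def _rec(func, src, line, subj, err, text, last):
    return (f"func={func}:file=..\\src\\{src}:line={line}:obj=unknown:subj={subj}:"
            f"error={err}:{text}: ;last error={last}\n")

FAILED = "xmlsec library function failed"
NAME = ("xmlSecMSCryptoX509FindCert", r"mscrypto\x509vfy.c", 754,
        "xmlSecMSCryptoCertStrToName", 1, FAILED, -2146885597)
CHAIN = [
    ("xmlSecKeysMngrGetKey", "keys.c", 1364,
     "xmlSecKeysMngrFindKey", 1, FAILED, -2146885628),
    ("xmlSecDSigCtxProcessKeyInfoNode", "xmldsig.c", 871,
     "unknown", 45, "key is not found", -2146885628),
    ("xmlSecDSigCtxProcessSignatureNode", "xmldsig.c", 565,
     "xmlSecDSigCtxProcessKeyInfoNode", 1, FAILED, -2146885628),
    ("xmlSecDSigCtxVerify", "xmldsig.c", 366,
     "xmlSecDSigCtxSigantureProcessNode", 1, FAILED, -2146885628),
]
RUN_WITH_TRUSTED = "".join(_rec(*r) for r in [NAME, NAME])
RUN_WITHOUT_TRUSTED = RUN_WITH_TRUSTED + "".join(_rec(*r) for r in CHAIN)

if __name__ == "__main__":
    both, only_untrusted = compare_runs(RUN_WITHOUT_TRUSTED, RUN_WITH_TRUSTED)
    for label, recs in (("both runs", both), ("only without --trusted-der", only_untrusted)):
        for func, subj, err, hresult in recs:
            print(f"{label}: {func} subj={subj} error={err} {hresult}")
```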