[xmlsec] Question about signature verification - message to STDERR seems to indicate failre, but it returns success?

James Olsen jamesml at planetolsen.com
Tue May 8 14:17:28 PDT 2007


I have am xml document and x509 public key that I'm trying to verify
the signature on. I've compiled the unmodified verify3 example program
that is in the xmlsec tarball and it is the program I'm using to try
to verify the signature.

Here is the output:

func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
Signature is OK

I admit I'm very new to the security mechanism and I don't have a
solid understanding of the specifications. However, it seems to me if
there is invalid data (the data and digest do not match) then the
signature verification should be considered a failure.

How should the results of verify3 be interpreted? Was the signature
verification really a success with that error?

Funny quotes: "There are 10 types of people in the world. 
Those who understand binary, and those who don't." -- Unknown
"A computer once beat me at chess, but it was no match for me at
kick boxing." -- Emo Philips

More information about the xmlsec mailing list