[xmlsec] Question about signature verification - message to STDERR
seems to indicate failre, but it returns success?
Aleksey Sanin
aleksey at aleksey.com
Tue May 8 15:35:32 PDT 2007
Are you using the xml file from the example or some other file?
If it is a custom file, then it would be helpful if you can share it.
Thanks
Aleksey
James Olsen wrote:
> Hello,
>
> I have am xml document and x509 public key that I'm trying to verify
> the signature on. I've compiled the unmodified verify3 example program
> that is in the xmlsec tarball and it is the program I'm using to try
> to verify the signature.
>
> Here is the output:
>
> func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
> Signature is OK
>
> I admit I'm very new to the security mechanism and I don't have a
> solid understanding of the specifications. However, it seems to me if
> there is invalid data (the data and digest do not match) then the
> signature verification should be considered a failure.
>
> How should the results of verify3 be interpreted? Was the signature
> verification really a success with that error?
>
More information about the xmlsec
mailing list