[xmlsec] debian problem - works on sarge, fails on etch

Martin Waite martin.waite at datacash.com
Wed Oct 10 04:46:25 PDT 2007


Hi,

The xmlsec1 program supplied on sarge successfully verifies a signed
document, but the same program on etch fails with an error.

Does anyone know what the problem might be?

regards
Martin
------------------------------------------------------------------------------------------
Sarge Details:
xmlsec1                           1.2.6-1

$ xmlsec1 --verify  --trusted-pem src/test/root.cert ll
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0

$ strace -e trace=open xmlsec1 --verify  --trusted-pem src/test/root.cert ll 2>&1 | grep open
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/usr/lib/libxmlsec1-openssl.so.1", O_RDONLY) = 3
open("/usr/lib/libxmlsec1.so.1", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libssl.so.0.9.7", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libcrypto.so.0.9.7", O_RDONLY) = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/usr/lib/libxslt.so.1", O_RDONLY) = 3
open("/usr/lib/libxml2.so.2", O_RDONLY) = 3
open("/lib/libpthread.so.0", O_RDONLY)  = 3
open("/usr/lib/libz.so.1", O_RDONLY)    = 3
open("/lib/libm.so.6", O_RDONLY)        = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 3
open("/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
open("src/test/root.cert", O_RDONLY)    = 3
open("ll", O_RDONLY)                    = 3
open("/etc/localtime", O_RDONLY)        = 3

------------------------------------------------------------------------------------------
Etch details:
xmlsec1                                  1.2.9-5

$ xmlsec1 --verify  --trusted-pem src/test/root.cert ll
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=UK/ST=Scotland/L=Edinburgh/O=DataCash Ltd/OU=Technology/CN=DataCash Payments CA/emailAddress=martin at datacash.com;err=24;msg=invalid CA certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=24;msg=invalid CA certificate
func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcesKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "ll"

$ strace -e trace=open xmlsec1 --verify  --trusted-pem src/test/root.cert ll 2>&1 | grep open
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/usr/lib/libxmlsec1-openssl.so.1", O_RDONLY) = 3
open("/usr/lib/libxmlsec1.so.1", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libcrypto.so.0.9.8", O_RDONLY) = 3
open("/usr/lib/libxslt.so.1", O_RDONLY) = 3
open("/lib/tls/i686/cmov/libdl.so.2", O_RDONLY) = 3
open("/usr/lib/libz.so.1", O_RDONLY)    = 3
open("/lib/tls/i686/cmov/libm.so.6", O_RDONLY) = 3
open("/usr/lib/libxml2.so.2", O_RDONLY) = 3
open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 3
open("/usr/lib/ssl/cert.pem", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("src/test/root.cert", O_RDONLY|O_LARGEFILE) = 3
open("ll", O_RDONLY)                    = 3


-- 
Martin Waite
System Architect
*DataCash*

Tel (Direct): +44 (0)131 538 8431
Mobile: +44 (0)7866 750509

DataCash Ltd, Suite 3/1 Great Michael House,
14 Links Place, Edinburgh, EH6 7EZ, United Kingdom.

Tel: +44 (0)870 7274 762
Fax: +44 (0)870 7274 782

www.datacash.com <http://www.datacash.com/>
