[xmlsec] debian problem - works on sarge, fails on etch

Aleksey Sanin aleksey at aleksey.com
Wed Oct 10 06:55:42 PDT 2007

> Does anyone know what the problem might be ?
> $ xmlsec1 --verify  --trusted-pem src/test/root.cert ll
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=UK/ST=Scotland/L=Edinburgh/O=DataCash Ltd/OU=Technology/CN=DataCash Payments CA/emailAddress=martin at datacash.com;err=24;msg=invalid CA certificate
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=24;msg=invalid CA certificate

Seems like you have problems with root.cert. For example,
a different openssl version might be more strict about extra
cert attributes, or something like this.


More information about the xmlsec mailing list