[xmlsec] debian problem - works on sarge, fails on etch

[Martin Waite]

Aleksey Sanin wrote:
>
>> Does anyone know what the problem might be ?
>>
>> $ xmlsec1 --verify  --trusted-pem src/test/root.cert ll
>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
>> library function failed:subj=/C=UK/ST=Scotland/L=Edinburgh/O=DataCash
>> Ltd/OU=Technology/CN=DataCash Payments
>> CA/emailAddress=martin at datacash.com;err=24;msg=invalid CA certificate
>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
>> verification failed:err=24;msg=invalid CA certificate
>
> Seems like you have problems with root.cert. For example,
> a different openssl version might be more strict about extra
> cert attributes, or something like this.
>
I was afraid you might say that.

I have been playing with "openssl verify" to try to get it to replicate
the problem:  it makes a lot of noise, but seems quite happy with the
certificates.

I'll regenerate the certificates using the newer openssl and see if that
fixes it.

Thanks for the confirmation.

-- Martin

-- 
Martin Waite
System Architect
*DataCash*

Tel (Direct): +44 (0)131 538 8431
Mobile: +44 (0)7866 750509

DataCash Ltd, Suite 3/1 Great Michael House,
14 Links Place, Edinburgh, EH6 7EZ, United Kingdom.

Tel: +44 (0)870 7274 762
Fax: +44 (0)870 7274 782

www.datacash.com <http://www.datacash.com/>

DISCLAIMER: This email and any files transmitted with it are
confidential to DataCash Group plc and its group companies. It is
intended only for the person to whom it is addressed. If you have
received this email in error, please forward it to info at datacash.com
<mailto:info at datacash.com> with the subject line "Received in Error". If
you are not the intended recipient you must not use, disclose, copy,
print, distribute or rely on this email or any of its transmitted files.