[xmlsec] Verifying signature with embedded x509 cert

Jim Nutt jim at nuttz.org
Mon Dec 3 22:53:13 PST 2007


Ok, I'm pulling my hair out on this one. I'm trying to verify an xml
signature based on the x509 certificate embedded in the keyinfo and I can
not get it to work. If I verify using the same pem file I used for signing,
it verifies ok, so I know the signature is valid. The problem is getting it
to validate without going to the original pem file. I've tried the straight
forward method of letting xmlSecDSigVerify load the key, but it can't find
the key in signature. I've even tried writing the base64 data to a file
(bracketed with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)
and then loading that file as the certificate. It refuses to read the file.
And yes, I know the file is a valid pem file because openssl x509 -in
filename -text reads it just fine.

Any suggestions would be greatly appreciated, as I'm on a time crunch on
this (now... wasn't when I started... *sigh*)

-- 
Jim Nutt
http://jim.nuttz.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20071204/e1a4e6a1/attachment-0002.htm


More information about the xmlsec mailing list