[xmlsec] Verifying signature with embedded x509 cert
Jim Nutt
jim at nuttz.org
Mon Dec 3 23:21:12 PST 2007
No joy. It refuses to load the key. The irony is that I can use the xmlsec
utility and pass it the name of the temp file I create with the key and it
will load and verify. It just won't do it in my program. Here's the errors
I'm seeing:
func=xmlSecOpenSSLAppKeyLoadBIO:file=
app.c:line=260:obj=unknown:subj=d2i_PrivateKey_bio and
d2i_PUBKEY_bio:error=4:crypto library function failed:
func=xmlSecOpenSSLAppKeyLoadMemory:file=
app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlseclibrary
function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=
xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=
xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlseclibrary
function failed:
func=xmlSecDSigCtxVerify:file=
xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlseclibrary
function failed:
The signature will verify with the xmlsec utility if I pass it the cert,
just not from my program. My next step is to reduce things to the bare
essentials and try again
On Dec 4, 2007 2:03 AM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> xmlSecOpenSSLAppKeyLoadMemory() ???
>
> Aleksey
>
> Jim Nutt wrote:
> > Ok, I'm pulling my hair out on this one. I'm trying to verify an xml
> > signature based on the x509 certificate embedded in the keyinfo and I
> > can not get it to work. If I verify using the same pem file I used for
> > signing, it verifies ok, so I know the signature is valid. The problem
> > is getting it to validate without going to the original pem file. I've
> > tried the straight forward method of letting xmlSecDSigVerify load the
> > key, but it can't find the key in signature. I've even tried writing the
> > base64 data to a file (bracketed with -----BEGIN CERTIFICATE----- and
> > -----END CERTIFICATE-----) and then loading that file as the
> > certificate. It refuses to read the file. And yes, I know the file is a
> > valid pem file because openssl x509 -in filename -text reads it just
> fine.
> >
> > Any suggestions would be greatly appreciated, as I'm on a time crunch on
> > this (now... wasn't when I started... *sigh*)
> >
> > --
> > Jim Nutt
> > http://jim.nuttz.org <http://jim.nuttz.org>
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
>
--
Jim Nutt
http://jim.nuttz.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20071204/89411920/attachment-0002.htm
More information about the xmlsec
mailing list