[xmlsec] Verifying signature with embedded x509 cert

Aleksey Sanin aleksey at aleksey.com
Tue Dec 4 07:29:03 PST 2007


Try this one then: xmlSecOpenSSLAppKeyCertLoadMemory()

Aleksey

Jim Nutt wrote:
> No joy. It refuses to load the key. The irony is that I can use the 
> xmlsec utility and pass it the name of the temp file I create with the 
> key and it will load and verify. It just won't do it in my program. 
> Here's the errors I'm seeing:
> 
> func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=260:obj=unknown:subj=d2i_PrivateKey_bio and d2i_PUBKEY_bio:error=4:crypto library function failed:
> func=xmlSecOpenSSLAppKeyLoadMemory:file=app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> 
> The signature will verify with the xmlsec utility if I pass it the cert, 
> just not from my program. My next step is to reduce things to the bare 
> essentials and try again
> 
> On Dec 4, 2007 2:03 AM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> 
>     xmlSecOpenSSLAppKeyLoadMemory() ???
> 
>     Aleksey
> 
>     Jim Nutt wrote:
>      > Ok, I'm pulling my hair out on this one. I'm trying to verify an xml
>      > signature based on the x509 certificate embedded in the keyinfo and I
>      > cannot get it to work. If I verify using the same pem file I used for
>      > signing, it verifies ok, so I know the signature is valid. The problem
>      > is getting it to validate without going to the original pem file. I've
>      > tried the straightforward method of letting xmlSecDSigVerify load the
>      > key, but it can't find the key in signature. I've even tried writing the
>      > base64 data to a file (bracketed with -----BEGIN CERTIFICATE----- and
>      > -----END CERTIFICATE-----) and then loading that file as the
>      > certificate. It refuses to read the file. And yes, I know the file is a
>      > valid pem file because openssl x509 -in filename -text reads it just fine.
>      >
>      > Any suggestions would be greatly appreciated, as I'm on a time crunch on
>      > this (now... wasn't when I started... *sigh*)
>      >
>      > --
>      > Jim Nutt
>      > http://jim.nuttz.org
> 
> -- 
> Jim Nutt
> http://jim.nuttz.org
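
The step described in the oldest quoted message, bracketing the base64 text of the embedded certificate with PEM markers, as an added example that is not code from either poster or from xmlsec. `x509_text_to_pem` is a hypothetical helper name, and the input is assumed to be the text content of the `X509Certificate` element in KeyInfo.

```c
#include <stddef.h>
#include <string.h>

#define PEM_HEAD "-----BEGIN CERTIFICATE-----\n"
#define PEM_TAIL "-----END CERTIFICATE-----\n"

/* Hypothetical helper (not an xmlsec API): wrap the text content of an
 * <X509Certificate> element in PEM armor. Whitespace inside the element is
 * dropped, the base64 alphabet and padding are validated, and the body is
 * re-wrapped at 64 columns. Returns the PEM length (excluding the NUL), or
 * -1 on malformed input or if `out` is too small. */
static long x509_text_to_pem(const char *text, char *out, size_t outsz)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = 0, col = 0, chars = 0, pad = 0;

    if (outsz < sizeof(PEM_HEAD) + sizeof(PEM_TAIL)) return -1;
    memcpy(out, PEM_HEAD, sizeof(PEM_HEAD) - 1);
    n = sizeof(PEM_HEAD) - 1;

    for (const char *p = text; *p != '\0'; p++) {
        if (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n') continue;
        if (*p == '=') { if (++pad > 2) return -1; }      /* at most "==" */
        else if (pad > 0 || strchr(alphabet, *p) == NULL) return -1;
        /* keep room for this char, one newline, the trailer and the NUL */
        if (n + 2 + sizeof(PEM_TAIL) > outsz) return -1;
        out[n++] = *p;
        chars++;
        if (++col == 64) { out[n++] = '\n'; col = 0; }
    }
    if (chars == 0 || chars % 4 != 0) return -1;
    /* A DER certificate is a SEQUENCE (0x30) with a long-form length (0x8n),
     * so its base64 text begins with "MI"; reject anything else early. */
    if (strncmp(out + sizeof(PEM_HEAD) - 1, "MI", 2) != 0) return -1;
    if (col != 0) out[n++] = '\n';
    memcpy(out + n, PEM_TAIL, sizeof(PEM_TAIL));      /* copies the NUL too */
    return (long)(n + sizeof(PEM_TAIL) - 1);
}
```

The resulting buffer is certificate PEM, not a bare public or private key, so it has to be loaded as a certificate. A certificate taken from KeyInfo is supplied by the signer, so the verifier still has to validate its chain against roots it already trusts before relying on the signature.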
