[xmlsec] Verifying signature with embedded x509 cert

[Aleksey Sanin]

Yes, it will get a key from the certificate! You need a trusted
certificate (e.g. root CA certificate) to have the certificate
in the signature verified.

Aleksey


Jim Nutt wrote:
> Ok, a bit more info. The xmlsec utility will verify the signature 
> without being passed the pem file separately, so it apparently is able 
> to suck the key from the signature. I'm trying to create a minimal size 
> code set that demonstrates the problem, I'll post that when I have it.
>