[xmlsec] Verifying signature with embedded x509 cert
aleksey at aleksey.com
Tue Dec 4 18:38:27 PST 2007
xmlsec loads trusted certs from the default
crypto-specific storage (e.g. root certs folder
for openssl, nss certs db for NSS, etc.)
Jim Nutt wrote:
> Do I need to load the trusted roots manually (does the xmlsec utility?)?
> If that's the case, that may be why xmlsec will verify it but my code
> won't, it doesn't load the root certificates. I'll give that a try.
> On Dec 4, 2007 8:19 PM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
> Yes, it will get a key from the certificate! You need a trusted
> certificate (e.g. root CA certificate) to have the certificate
> in the signature verified.
> Jim Nutt wrote:
> > Ok, a bit more info. The xmlsec utility will verify the signature
> > without being passed the pem file separately, so it apparently is
> > to suck the key from the signature. I'm trying to create a
> minimal size
> > code set that demonstrates the problem, I'll post that when I
> have it.
> Jim Nutt
More information about the xmlsec