[xmlsec] Signature Verification Problem Using X509 Certificates
keelerp at googlemail.com
Thu Feb 21 12:38:20 PST 2008
I've tried this on the command line already. If I add all of the
certificates as untrusted (--untrusted pem), and obviously still use the
trusted root (--trusted-pem), then xmlsec verifies the signature perfectly
with no spurious errors.
Thank you for taking an interest though.
On Thu, Feb 21, 2008 at 8:18 PM, Roumen Petrov <xmlsec at roumenpetrov.info>
> Paul Keeler wrote:
> > Still no success I'm afraid. I'm starting to think that the only option
> > left with is to (within my application) manually parse the signed
> > and add all of the certificates to the untrusted store.
> > [SNIP]
> The valid path must begin with certificates issued by a trust anchor.
> So if whole certificate chain is in untrusted store certificate cannot
> be validated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the xmlsec