[xmlsec] Signature Verification Problem Using X509 Certificates

Aleksey Sanin aleksey at aleksey.com
Thu Feb 21 14:57:40 PST 2008

Mostly likely you need to debug openssl :) I'll try to take a look at
it over weekend but no promises....


Paul Keeler wrote:
> Still no success I'm afraid.  I'm starting to think that the only option 
> I'm left with is to (within my application) manually parse the signed 
> document and add all of the certificates to the untrusted store. 
> Failing that I suppose I can get serious and debug xmlsec to see what's 
> going on.
> Thanks again for your ideas - and do keep them coming whilst your 
> patience persists :)
> On Thu, Feb 21, 2008 at 3:21 PM, Aleksey Sanin <aleksey at aleksey.com 
> <mailto:aleksey at aleksey.com>> wrote:
>      > My understanding (which may be flawed!) is that the following output
>      > represents a single unique chain:
>     Yes, this is a single chain :) Next idea, could you try to remove
>     the self-signed (root) certificate from the signature and just
>     supply it as the parameter to xmlsec command line utility?
>     I can see how openssl can be confused if it this certificate in
>     two places.
>     Aleksey
> ------------------------------------------------------------------------
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list