[xmlsec] Verification with x509 certificate

Aleksey Sanin aleksey at aleksey.com
Thu Apr 10 11:57:57 PDT 2008


You load *certificate* not *key* in the certificate.
You might want to use pkcs12 format to load the certificate
and the key.

Aleksey


Phillip Seaver wrote:
> Hello, all,
> 
> I successfully loaded the certificate using 
> xmlSecCryptoAppKeysMngrCertLoadMemory(), but I get 
> "func=xmlSecDSigCtxProcessKeyInfoNode:file=..\..\misc\xmlsec\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key 
> is not found:" when I run xmlSecDSigCtxVerify().  Should it 
> automatically find the key in the certificate or do I need to pull it 
> out myself?
> 
> Here's what I do for setup (checking return values, of course):
> 
> xmlSecInit()
> xmlSecCryptoAppInit(NULL)
> xmlSecCryptoInit()
> xmlSecKeysMngrPtr mngr = xmlSecKeysMngrCreate();
> xmlSecCryptoAppDefaultKeysMngrInit(mngr)
> xmlSecDSigCtxPtr dsigCtx = xmlSecDSigCtxCreate(mngr);
> xmlSecCryptoAppKeysMngrCertLoadMemory(mngr,
>                            pBuffer->get(), pBuffer->size(),
>                            xmlSecKeyDataFormatCertDer, 
> xmlSecKeyDataTypeAny)
> xmlSecDSigCtxVerify(dsigCtx, nodeRoot)
> 
> Everything except xmlSecDSigCtxVerify() (and the ones that return 
> pointers) returns 0.  I'm sort of hoping it's something obvious...
> 
> Thanks,
> 
> Phillip
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec



More information about the xmlsec mailing list