[xmlsec] Error: unable to get local issuer certificate

[Aleksey Sanin]

http://www.mail-archive.com/openssl-users@openssl.org/msg45532.html

wz qiang wrote:
> hi all,
> I am doing some signature verification test with trusted certificates.
> I used "xmlSecCryptoAppKeysMngrCertLoad(keys_mngr, ca_file,
> xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)" to load the ca
> certificate into keymanager, there is <X509Data/> under
> <Signature><KeyInfo/></Signature>.
> 
> But when I verify the signature (xmlSecDSigCtxVerify), I get the
> following error. The ca certificate is exactly the one which sign the
> certificate under <X509Data/>.
> And I also tried to use
> xmlSecOpenSSLAppKeysMngrAddCertsFile(keys_mngr, cafile)  to load the
> ca ceriticate, and got the same error.
> Could somebody give some hint about sloving this problem?
> 
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
> library function
> failed:subj=/C=NO/ST=Oslo/O=UiO/CN=test;err=20;msg=unable to get local
> issuer certificate
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
> verification failed:err=20;msg=unable to get local issuer certificate
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed:
> Signature verification failed for saml:assertion
> 
> Thanks in advance
> Weizhong Qiang
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec