[xmlsec] Error: unable to get local issuer certificate

wz qiang weizhongqiang at gmail.com
Tue Jul 15 08:45:23 PDT 2008 

hello,
I knew it is a openssl problem. :)
But the strange thing is that the same certificate and ca certificate
works well when I use tls.
SSL_CTX_load_verify_locations(sslctx_, ca_file_.c_str(), NULL)

So I would know whether there is something wrong when I use xmlsec.

Thanks
Weizhong Qiang

On 7/15/08, Aleksey Sanin <aleksey at aleksey.com> wrote:
> http://www.mail-archive.com/openssl-users@openssl.org/msg45532.html
>
> wz qiang wrote:
> >
> > hi all,
> > I am doing some signature verification test with trusted certificates.
> > I used
> "xmlSecCryptoAppKeysMngrCertLoad(keys_mngr,
> ca_file,
> > xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)" to load the ca
> > certificate into keymanager, there is <X509Data/> under
> > <Signature><KeyInfo/></Signature>.
> >
> > But when I verify the signature (xmlSecDSigCtxVerify), I get the
> > following error. The ca certificate is exactly the one which sign the
> > certificate under <X509Data/>.
> > And I also tried to use
> > xmlSecOpenSSLAppKeysMngrAddCertsFile(keys_mngr, cafile)
> to load the
> > ca ceriticate, and got the same error.
> > Could somebody give some hint about sloving this problem?
> >
> >
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
> > library function
> > failed:subj=/C=NO/ST=Oslo/O=UiO/CN=test;err=20;msg=unable
> to get local
> > issuer certificate
> >
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
> > verification failed:err=20;msg=unable to get local issuer certificate
> >
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> > library function failed:
> >
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> > is not found:
> >
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> > library function failed:
> >
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> > library function failed:
> > Signature verification failed for saml:assertion
> >
> > Thanks in advance
> > Weizhong Qiang
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
> >
>

More information about the xmlsec mailing list