[xmlsec] Error: unable to get local issuer certificate

Aleksey Sanin aleksey at aleksey.com
Tue Jul 15 11:33:51 PDT 2008 

Try to reproduce the problem using xmlsec1 command line tool

Aleksey

wz qiang wrote:
> hello,
> I knew it is a openssl problem. :)
> But the strange thing is that the same certificate and ca certificate
> works well when I use tls.
> SSL_CTX_load_verify_locations(sslctx_, ca_file_.c_str(), NULL)
> 
> So I would know whether there is something wrong when I use xmlsec.
> 
> Thanks
> Weizhong Qiang
> 
> On 7/15/08, Aleksey Sanin <aleksey at aleksey.com> wrote:
>> http://www.mail-archive.com/openssl-users@openssl.org/msg45532.html
>>
>> wz qiang wrote:
>>> hi all,
>>> I am doing some signature verification test with trusted certificates.
>>> I used
>> "xmlSecCryptoAppKeysMngrCertLoad(keys_mngr,
>> ca_file,
>>> xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)" to load the ca
>>> certificate into keymanager, there is <X509Data/> under
>>> <Signature><KeyInfo/></Signature>.
>>>
>>> But when I verify the signature (xmlSecDSigCtxVerify), I get the
>>> following error. The ca certificate is exactly the one which sign the
>>> certificate under <X509Data/>.
>>> And I also tried to use
>>> xmlSecOpenSSLAppKeysMngrAddCertsFile(keys_mngr, cafile)
>> to load the
>>> ca ceriticate, and got the same error.
>>> Could somebody give some hint about sloving this problem?
>>>
>>>
>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
>>> library function
>>> failed:subj=/C=NO/ST=Oslo/O=UiO/CN=test;err=20;msg=unable
>> to get local
>>> issuer certificate
>>>
>> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
>>> verification failed:err=20;msg=unable to get local issuer certificate
>>>
>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
>>> library function failed:
>>>
>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
>>> is not found:
>>>
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
>>> library function failed:
>>>
>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
>>> library function failed:
>>> Signature verification failed for saml:assertion
>>>
>>> Thanks in advance
>>> Weizhong Qiang
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list