[xmlsec] Urgent help needed : Certificate verification failed
Aleksey Sanin
aleksey at aleksey.com
Thu Jun 4 07:51:10 PDT 2009
This error means that xmlsec can't build certs chain for some reasons.
Aleksey
Ashish Agrawal wrote:
> Hi Aleksey,
>
> I ve a problem where i v a root CA and and two certificates in the
> chain, when i try to verify the chain using openssl it works :
> openssl verify -CAfile root.pem EE.pem
>
> but when i to to verify using xmlsec it fails with the error :
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto
> library function failed:subj=/C=CN/ST=BJ/O=JIL/OU=JIL/CN=JIL EE
> demo;err=20;msg=unable to get local issuer certificate
> func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate
> verification failed:err=20;msg=unable to get local issuer certificate
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=884:obj=unknown:subj=unknown:error=45:key
> is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=578:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=379:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed:
> Error: signature failed
> ERROR
> SignedInfo References (ok/all): 6/6
> Manifests References (ok/all): 0/0
>
>
> Does xmlsec imposes ny additional constraint on the certificate
> validation and if yes what are they ?
>
> Regards,
> Ashish
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list