[xmlsec] KeyInfo node X509Data gets emptied when singing with xmlsec1
aleksey at aleksey.com
Mon Mar 7 12:41:58 PST 2011
On 3/7/11 3:49 AM, Markus Wernig wrote:
> Hi all
> I have a problem with xmlsec1 1.2.16 (openssl), compiled on 32 bit
> Gentoo Linux (from portage, i.e. source).
> When signing an XML document that contains a template section for the
> X509Data of the signing certificate, the node gets cleared and an empty
> newline is inserted instead for every subnode. The signature process
> overall succeeds without any messages.
> I am using this command:
> xmlsec1 --sign --pkcs12 certs/xmlsig-test.p12 --pwd testme --output
> tmpl-signed.xml tmpl-sign.xml.
> I have verified that the PKCS12 file contains both certificate and
> private key.
> I have also tried any combination of --X509-skip-strict-checks,
> --privkey-[pem|der], --pubkey-[pem|der], after extracting the cert and
> key from the .p12. The result remains the same: valid signature, but
> X509Data does not get populated (regardless of whether the signing CA
> certificate is present or not)
> This is the section in question:
> I would be very grateful for any help, as I am still very new to xmlsec.
> Thanks and kind regards
> xmlsec mailing list
> xmlsec at aleksey.com
More information about the xmlsec