[xmlsec] Failed to verify

Bernardo Hoehl lists at correiofacil.com
Wed Aug 31 20:24:44 PDT 2011


Helo List,


I am trying to get XMLSEC to verify a signature, and it seems to result in an openssl error that will not trust the brazilian chain of certification...

This is the command and result:

######### Command begins:

$ export LD_LIBRARY_PATH=/opt/local/lib; ./xmlsec1 --verify --id-attr:Id infNFe --trusted-pem /Library/certs/USINA.pem /Users/bernardo/Desktop/teste.xml
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/C=BR/O=ICP-Brasil/OU=Autoridade Certificadora SERPROACF/OU=PRONOVA/OU=Pessoa Juridica A1/L=QUEIMADOS/ST=RJ/CN=USINA BRASILEIRA DE CRISTOBALITA LTDA:73264202000114;err=20;msg=unable to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=408:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: 
Error: signature failed 
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "/Users/bernardo/Desktop/teste.xml"

############## Command ends

I have read in openssl.org page that I could tell openssl to trust a chain of certificates using the option "-CApath directory", but I have no idea how to pass this option in the above XMLSEC command.

I apreciate any help,

Thanks,


Bernardo Höhl
Rio de Janeiro - Brazil



More information about the xmlsec mailing list