[xmlsec] Verify invalid certificate chain
dont.avt at gmail.com
Tue Aug 14 08:38:51 PDT 2012
I'm trying to develop simple license system using xmlsec library.
My idea was to build simple private PKI with one CA key pair and separate
key-pair for each customer.
Then I planned to sign xml license file with client certificate for each
I decided to embbed CA certificate in our app and verify certificate chain
from xml file up to CA certificate.
But I have a problem with xmlsec library. I can't find how to verify full
certificate chain with it.
I used example from here
and I have a problem when certificate chain is invalid.
I got error to console:
library function failed:subj=/C=UA/ST=Kyiv
verification failed:err=20;msg=unable to get local issuer certificate
SignedInfo References (ok/all): 1/1·
Manifests References (ok/all): 0/0·
but verification result dsigCtx->status has xmlSecDSigStatusSucceeded value.
Can you tell me how can I verify that certificate chain is invalid with
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the xmlsec