[xmlsec] Sign verification problems after SLES 11.3 system security update

Aleksey Sanin aleksey at aleksey.com
Mon Apr 27 09:39:49 PDT 2015


Did you rebuild xmlsec after the upgrade?

Aleksey

On 4/26/15 11:20 PM, Igor Sokolov wrote:
> Something weird happened after the SLES 11.3 system update. There were a bunch of OpenSSL security updates.
> xmlsec1 sign verification just stopped working.
> On other systems (non-SLES: Mint, Windows) with the same key and file everything is ok.
> Output:
> xmlsec1 verify --print-debug --privkey-pem ibrsStubPublicKey.pem request.txt                       
> error : Unknown IO error
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: 
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=889:obj=unknown:subj=unknown:error=45:key is not found: 
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=581:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: 
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=382:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed: 
> Error: signature failed 
> ERROR
> SignedInfo References (ok/all): 1/1
> Manifests References (ok/all): 0/0
> = VERIFICATION CONTEXT
> == Status: unknown
> == flags: 0x00000000
> == flags2: 0x00000000
> == Key Info Read Ctx:
> = KEY INFO READ CONTEXT
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled key data: all
> == RetrievalMethod level (cur/max): 0/1
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> == EncryptedKey level (cur/max): 0/1
> === KeyReq:
> ==== keyId: dsa
> ==== keyType: 0x00000001
> ==== keyUsage: 0x00000002
> ==== keyBitsSize: 0
> === list size: 0
> == Key Info Write Ctx:
> = KEY INFO WRITE CONTEXT
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled key data: all
> == RetrievalMethod level (cur/max): 0/1
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> == EncryptedKey level (cur/max): 0/1
> === KeyReq:
> ==== keyId: NULL
> ==== keyType: 0x00000001
> ==== keyUsage: 0xffffffff
> ==== keyBitsSize: 0
> === list size: 0
> == Signature Transform Ctx:
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> === Transform: c14n-with-comments (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments)
> === Transform: dsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#dsa-sha1)
> == Signature Method:
> === Transform: dsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#dsa-sha1)
> == SignedInfo References List:
> === list size: 1
> = REFERENCE VERIFICATION CONTEXT
> == Status: succeeded
> == URI: ""
> == Reference Transform Ctx:
> == TRANSFORMS CTX (status=2)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> === Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
> === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
> === Transform: membuf-transform (href=NULL)
> == Digest Method:
> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
> == Manifest References List:
> === list size: 0
> Error: failed to verify file "request.txt"