[xmlsec] xmlsec command line question

Myers, Kevin R (Mutual Funds Technology Svcs) kevin.myers at hartfordfunds.com
Thu Jan 4 19:55:23 PST 2018

Sorry if the answer here is obvious, but was hoping someone could help me understand the difference between these two messages from xmlsec while verifying some SAML docs.

1. This first message I get when intentionally trying to verify a (known to be valid) SAML Metadata file with the wrong cert:

func=xmlSecOpenSSLEvpSignatureVerify:file=..\src\openssl\signatures.c:line=346:obj=rsa-sha256:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match

2. However, when trying to verify a SAML assertion with the (thought to be) correct cert, or an incorrect cert, I get the following in both cases:

func=xmlSecOpenSSLEvpDigestVerify:file=..\src\openssl\digests.c:line=229:obj=sha256:subj=unknown:error=12:invalid data:data and digest do not match

I'm trying to debug an issue with an SAML assertion failing signature validation, and I would have expected that trying to verify the assertion with the wrong cert would produce the same error from #1...but regardless of the cert, I get the message in #2

Thanks for any help,