Thanks! I've built and integrated it and it appears to be working just fine. I've got some more date testing to do once I can get my test system to quit being cranky -- but it looks good from the command line and with general operations. Thanks for all your help! Ferrell
-----Original Message----- From: Aleksey Sanin [mailto:aleksey@;aleksey.com] Sent: Friday, October 11, 2002 3:08 PM To: Moultrie, Ferrell (ISSAtlanta) Cc: [EMAIL PROTECTED] Subject: Re: [xmlsec] Verify signature after certificate expired Hm.. I just pulled out the fresh copy from CVS and the changes are there. I have only one idea: you are using anonymous CVS access and it takes some time to propagate the checkins from real Gnome CVS server to the anonymous one. Most likely there were a lot of checkins this morning or some kind of GNOME new version was released. Or may be these "push" system simply do not work. I forced a snapshot creation and it should be there: ftp://ftp.aleksey.com/pub/xmlsec/snapshots/xmlsec-021011.1.tar.gz Please let me know if something is wrong. Aleksey Moultrie, Ferrell (ISSAtlanta) wrote: >Aleksey: > Please excuse me for being a CVS newbie but I can see your checkin in >the CVS browser but when I attempt to retrieve them: >cvs -z3 update -Pd xmlsec >... it updated only errors.h from yesterday's pull. Is there something >else that I need to do to get the latest checkin? >Thanks! > Ferrell > >-----Original Message----- >From: Aleksey Sanin [mailto:aleksey@;aleksey.com] >Sent: Friday, October 11, 2002 12:30 PM >To: Aleksey Sanin >Cc: Moultrie, Ferrell (ISSAtlanta); [EMAIL PROTECTED] >Subject: Re: [xmlsec] Verify signature after certificate expired > > >I've removed strptime() usage and switched to your code completelly :) > Thanks! >As you've requested, I've added additional errors for the cert >verification and, >for example, when cert has expired errors stack looks now as follows: > >[aleksey]> ../apps/xmlsec verify --trusted ../tests/keys/cacert.pem >--allowed x509 ../tests/aleksey-xmldsig-01/enveloping-expired-cert.xml >xmlSecX509StoreVerify (x509.c:1084): error 46: cert has expired : >error=10 (certificate has expired) >xmlSecX509DataNodeRead (keyinfo.c:1196): error 41: cert verification >failed : >xmlSecKeysMngrGetKey (keys.c:518): error 17: key not found : >xmlSecSignedInfoRead (xmldsig.c:1437): error 17: key not found : >xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec operation failed : > >xmlSecSignedInfoRead - -1 >xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec operation failed : >xmlSecSignatureRead - -1 >Error: operation failed >ERROR > > >Aleksey. > > >Aleksey Sanin wrote: > > > >>Thanks for the patch! I'll take a look at it later today. Of course, >>you have the information >>about the reason why verification failed. I'll try to add the code to >>xmlsec to expose >>this information to the application. >> >> >> > > >_______________________________________________ >xmlsec mailing list >[EMAIL PROTECTED] >http://www.aleksey.com/mailman/listinfo/xmlsec > > _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
