Mostly likely you need to debug openssl :) I'll try to take a look at
it over weekend but no promises....
Aleksey
Paul Keeler wrote:
Still no success I'm afraid. I'm starting to think that the only option
I'm left with is to (within my application) manually parse the signed
document and add all of the certificates to the untrusted store.
Failing that I suppose I can get serious and debug xmlsec to see what's
going on.
Thanks again for your ideas - and do keep them coming whilst your
patience persists :)
On Thu, Feb 21, 2008 at 3:21 PM, Aleksey Sanin <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
> My understanding (which may be flawed!) is that the following output
> represents a single unique chain:
Yes, this is a single chain :) Next idea, could you try to remove
the self-signed (root) certificate from the signature and just
supply it as the parameter to xmlsec command line utility?
I can see how openssl can be confused if it this certificate in
two places.
Aleksey
------------------------------------------------------------------------
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec