santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Cantor" <>
Subject RE: Core Validation Failing .. now what?
Date Thu, 28 Feb 2008 02:56:53 GMT
> The output of my debugging shows the SignedInfo as:

Using email for this is pointless. Any whitespace will throw off the result,
so you'd need to compare them byte for byte on your own.

> What occurs to me is that there is an empty X509Certificate element. I
> get a "DerInputStream.getLength(): lengthTag=127, too big." error if I
> leave it in, and I get the validation failure if i take it out.
> Perhaps this is the root of the problem?

KeyInfo isn't part of the signature, and all that's probably doing is
creating a "masking" error ahead of the validation error. It's certainly
invalid to have an empty element there though.

-- Scott

View raw message