[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit integration with smart card

> that error is HX509_CMS_NO_RECIPIENT_CERTIFICATE and it means that the
> CMS lib doesn't find the certificate that made the signature/ 
> encryption. I assume
> DH is used, so that would be signature then.
> I need to add more debug message to figure out, but inf you can run  
> gdb on kinit
> and try to figure out why find_CMSIdentifier() doesn't find the  
> certificate (if its even passed
> back from the KDC).

I've sprinked some more error message, tonight snapshot will  
hopefully tell you whats missing
if I got the bridge between hx509 and krb5 libs right. hxtool now  
tells me this on the same type
of failure:

$ hxtool cms-verify-sd .... test-signed-data-noattr-nocerts sd.data.out
hxtool: hx509_cms_verify_signed: Failed to find cert issued by  
C=SE,CN=hx509 Test Root CA with serial number 02