santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clive Brettingham-Moore <>
Subject Re: xml-sec 1.3Beta1
Date Tue, 16 Aug 2005 04:07:37 GMT
Sean Mullan wrote:

>> The only other modification of the library I am using at the moment 
>> is to parse reference lists correctly (at all?) during decryption.
>> For my application (OASIS WS-Security implementation), what ends up 
>> happening with encryption is that you have an encrypted key in the 
>> SOAP header using a reference list to indicate the encrypted data in 
>> the body (probably not a common pattern free form encryption, but 
>> pretty much the usage described  in the recommendation 
>> )
>> The current implementation appears to attempt parsing validation of 
>> the URI references; it is definitely broken for lists of more than 
>> one element, and fails to handle relative URIs (since they cant be 
>> parsed without a base URI).
>> My fix just gives up on parsing (and actually walks the list ;) I 
>> haven't attempted to handle child elements, but then neither does the 
>> current version.
>> For the patch its probably easiest to look at my original message 
>> (it's against 1.34 but there aren't may changes):

> I have applied your patch, thanks for that. Please test out the 1.3 RC 
> jar when it is released later this week. BTW, just FYI, but the best 
> way to ensure your bug is not forgotten is to file a report at 
> (in the "security" category).
> --Sean

Thanks, looking foward to it.
(D'oh. I followed the contrib proceedure on the site; somehow sending 
the email first must have given me a mental block on using bugzilla, and 
then there was the was 'omg it's not going to make the release' panic)


View raw message