santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jason marshall" <jdmarsh...@gmail.com>
Subject Known C14N bugs?
Date Wed, 03 Sep 2008 22:11:37 GMT
Where can I get a list of the known C14N bugs in XMLSec 1.3.0?

I have a problem where one of my unit tests is incorrectly failing due
to a pattern like the following:


<ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"
URI="#47b38f3b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>qZhbpRF5y9PMnNsegBonsB1UTNjt3dE/t4P/NbFvFIE=</ds:DigestValue>
</ds:Reference>

...
<ds:SignatureProperties Id="47b38f3b">
<!-- I'm just a little black raincloud... -->
<ds:SignatureProperty ...


The comment has been programatically added to the SignatureProperties
node to prove that comments aren't included in the digested data.
If I take out the carriage return after the comment, the test passes
as expected.  With the newline, it fails.  My understanding of C14N
without comments is that this code is in error.  Am I right?  Was this
fixed in a later version?

(Is there a newer version that doesn't have any regressions in it?
The general bug history seems to indicate the answer is 'no')

Thanks,


-- 
- Jason

Mime
View raw message