[xmlsec] Re: core methods for write of <X509SubjectName/> and <X509IssuerSerial/>

Aleksey Sanin aleksey@aleksey.com
Tue, 29 Jul 2003 08:46:59 -0700



>> Well, this patch still has some problems:
>>     0) The "writer" approach you use is less flexible than "flags" approach
>>     I have suggested. For example, it does not allow you to write *both*
>>     subject name and issuer serial nodes which might be required.
>
>
> O.K. I'm surprised - verify work when <X509Data> contain more than one tag
> ( as example X509SubjectName and X509Certificate) for same certificate.

Why not? It might happen that one client is optimised to do cert lookup
by subject name and another one prefers to use serial number. If you put
both in X509Data then you help both :)


> X509IssuerSerial node can contain two subnodes and check for empty should be
> more precise. Current source will remove content of non empty
> X509IssuerSerial node.

Yes, you are right. xmlSecIsEmptyNode() should check for element
children. I have fixed it (patch attached).


> Between X509Data subnodes we can have text nodes. 

According to the XMLDSig, only whitespace text nodes are allowed. Thus
we don't care. I don't think that formatting is such a big issue.

>
> Is allowed to have text in X509Data ? 

Only whitespaces.

>
> At moment I'm not sure what is better:
> - XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE
> or
> - XMLSEC_KEYINFO_FLAGS_CONTINUE_ON_EMPTY_NODE
> When we try to verify xml file, according to schema definition X509Data can
> be empty, but subnode cannot be empty. In this case I think that we should
> stop on empty subnode. This mode I denominate "plain reading".
> When we try to sign xml we are in other mode "template reading". In this
> mode empty subnodes should be allowed.
> I will try to find where to set up flag in the source code
> (xmlSecDSigCtxVerify/xmlSecDSigCtxSign  ....?).

I don't see how an empty X509Data child can do any harm. It would not
influence the signature verification, thus I think that "by default" it
should be allowed.




> What is better:
> - if(xmlSecIsEmptyNode(cur) == 1)
> or
> - if(xmlSecIsEmptyNode(cur) != 0)
> ?

" == 1" is better :) xmlSecIsEmptyNode() returns a negative value if an
error occurs (see documentation right before the function) :)



Aleksey



Index: src/xmltree.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/xmltree.c,v
retrieving revision 1.26
diff -u -r1.26 xmltree.c
--- src/xmltree.c	28 Jul 2003 19:07:54 -0000	1.26
+++ src/xmltree.c	29 Jul 2003 15:43:53 -0000
@@ -630,6 +630,10 @@
     int res;
     
     xmlSecAssert2(node != NULL, -1);
+
+    if(xmlSecGetNextElementNode(node->children) != NULL) {
+	return(0);
+    }
     
     content = xmlNodeGetContent(node);
     if(content == NULL) {
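
Review bot: The early return added after xmlSecAssert2() changes the result for any node that has an element child, but the documentation right before the function is not touched by this hunk. It should state that a node with at least one element child is reported as not empty (0) whatever its text content is, next to the existing negative-on-error convention visible in xmlSecAssert2(node != NULL, -1). Also, the added return(0); line is indented with a tab while the surrounding lines use spaces; match the indentation of the rest of the block.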

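
Added example (not part of the original message and not xmlsec code): a simplified C model of the tri-state empty-node check discussed in this message, showing why a caller should test "== 1" rather than "!= 0". The node struct, is_empty_node(), may_fill_strict(), may_fill_loose() and the sample nodes are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for an XML node; not libxml2's xmlNode. */
typedef enum { NODE_ELEMENT, NODE_TEXT } node_type;
typedef struct node {
    node_type type;
    const char *text;        /* content of a text node, unused for elements */
    struct node *children;   /* first child */
    struct node *next;       /* next sibling */
} node;

/* Returns 1 if empty, 0 if not empty, a negative value on error. */
int is_empty_node(const node *n) {
    const node *c;
    const char *p;
    if (n == NULL) return -1;
    for (c = n->children; c != NULL; c = c->next) {
        if (c->type == NODE_ELEMENT) return 0;   /* element child: not empty */
        if (c->text == NULL) return -1;          /* malformed text node */
        for (p = c->text; *p != '\0'; ++p)
            if (!isspace((unsigned char)*p)) return 0;
    }
    return 1;                                    /* no children or whitespace only */
}

/* Caller's decision: may this template node be filled in (overwritten)? */
int may_fill_strict(const node *n) { return is_empty_node(n) == 1; }
int may_fill_loose(const node *n)  { return is_empty_node(n) != 0; } /* error counts as empty */

/* Constructed sample nodes. */
static node serial_number = { NODE_ELEMENT, NULL, NULL, NULL };
static node issuer_name   = { NODE_ELEMENT, NULL, NULL, &serial_number };
static node ws            = { NODE_TEXT, "\n  ", NULL, &issuer_name };
static node issuer_serial = { NODE_ELEMENT, NULL, &ws, NULL };       /* has two subnodes */
static node ws_only       = { NODE_TEXT, " \n", NULL, NULL };
static node subject_name  = { NODE_ELEMENT, NULL, &ws_only, NULL };  /* empty template */
static node bad_text      = { NODE_TEXT, NULL, NULL, NULL };
static node broken        = { NODE_ELEMENT, NULL, &bad_text, NULL }; /* triggers error */

int main(void) {
    const node *s[] = { &issuer_serial, &subject_name, &broken };
    for (size_t i = 0; i < 3; ++i)
        printf("empty=%d strict=%d loose=%d\n", is_empty_node(s[i]),
               may_fill_strict(s[i]), may_fill_loose(s[i]));
    return 0;
}
```

With the "!= 0" test, the node whose check failed is treated as empty and would be overwritten; the "== 1" test leaves it alone.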