[xmlsec] invalid reference
Aleksey Sanin
aleksey at aleksey.com
Wed Apr 2 06:42:35 PST 2003
Yes, you are right, it's "--print-all" in 0.0.14. I am mostly using the
new version these days :)
I've looked at the output and I don't see any problems. XMLSec correctly
selected
and serialized required <PARes/> node with given id. However, the digest
claculated
by XMLSec does ot match the one calclulated by signer. There are several
possible reasons
and I would say that most likely it's either a bug in the signer and/or
xmlsec code (but I don't see
problems with xmlsec, it does exactly what it is supposed to) or there
is something we don't
know about the environment where signature was calculated (for example,
a DTD with default
attributes may change the canonicalization results and by this affect
digest calculation).
It's very difficult to say wat exactly happen w/o having a similar
"pre-digest" output from signer.
And again, there several over people reported similar problems. Ayhan,
Lanre, have you found
something?
Aleksey
Ferenc Raffael wrote:
>On Tue, Apr 01, 2003 at 08:04:30AM -0800, Aleksey Sanin wrote:
>
>
>
>>The error you have means that digests did not match. Several people
>>reported problems with version 1.0.2 of the <ThreeDSecure/> signatures.
>>However, I don't see problem on xmlsec side (hint, use '--store-references'
>>option) which makes me think that there is a problem with one who
>>generated this signature.
>>
>>BTW, have anyone found what is the problem???
>>
>>Aleksey
>>
>>
>
>Sorry, I haven't found any --store-references options. Which
>version do you suggest to use (I'm using 0.0.14 now)?
>
>You'll find a --print-all result attached. Could you take a
>look at it, please?
>
>
>
More information about the xmlsec
mailing list