[xmlsec] libxml2 --without-http ... and xmlsec
Roumen Petrov
xmlsec at roumenpetrov.info
Fri Jul 4 04:02:27 PDT 2003
Aleksey Sanin wrote:
> Sorry, your patch is incorrect.
O.K.
> Some tests from the tests suite use
> external resources thus require HTTP support. Currently, if LibXML
> does not have http/ftp compiled in, the xmlsec fails with an error
> that indicates a problem with IO. Your patch masks the problem
> with dummy http/ftp callbacks which is wrong.
O.K.
Other side effect from my patch is that test
"merlin-xmldsig-twenty-three/signature-external-b64-dsa" can fail when
we don't have IO error and external resource return zero(!) bytes or not
whole document. It's really happen - I have problem with some (broken,
heavy loaded, overloaded or ???) application servers: they return HTTP
200 (no error) but data is zero bytes (error).
I'm not sure that user should be warned at configure time when LibXML is
without http/ftp compiled in. Runtime IO error message ("...io function
failed:uri"...) is good (enough).
My question, as novice for xmlsec is how important for
"merlin-xmldsig-twenty-three/signature-external-b64-dsa" test is data
referenced from URIs ?
As I can see URL resource is important as name(string), but what about
content of resource ? I miss out on something.
What is relation between "<Reference URI="#object">...<Object
Id="object">c29tZSB0ZXh0</Object>" and "<Reference
URI="http://www.w3.org/Signature/2002/04/xml-stylesheet.b64">", i.e.
when I would instead of external to use enveloping signature, how to
compute object id, where to look in source or better to remove URI?
> Also the user might
> have reasons to compile LibXML without HTTP/FTP support because
> s/he wants to use her/his own callbacks. In this case, your dummy
> callbacks will make it harder.
Really I would like to have my own callback but not in XmlLIB rather in
XmlSEC. I would like to sign and might to encrypt lots and lots of xml
documents and internet connection should not affect signing and/or
encryption process.
I discover inet conn. problem when firewall block all requests to
outside and log it. Might my problem was <Reference URI="http://... in
xml. Because this test environment (test xml files) is removed now I
cannot reproduce :-( slow signing. All work fine :-) .
More information about the xmlsec
mailing list