[xmlsec] xmlsec-nss patch
Aleksey Sanin
aleksey at aleksey.com
Sun Jul 20 19:47:05 PDT 2003
Tej,
I've looked at your changes and there is one thing that I defenetly
don't like.
You are using "certutil" tool to create the nss database. But this tool
is not
included into mozilla-nss and mozilla-nss-devel packages (read: I don't have
it on my box). Thus it makes it impossible to test nss implementation
for me.
I wonder if there is other way to create nss db directly from xmlsec.
> 11 bug fix in keys.c.
> function xmlSecKeysMngrGetKey invokes xmlSecKeyInfoNodeRead. On
> return from xmlSecKeyInfoNodeRead, it returns key if
> xmlSecKeyGetValue(key) != NULL
>
> That is incorrect because in xmlSecKeyInfoNodeRead, it is possible
> to have a key value even if xmlSecKeyMatch fails (see the for loop).
>
> I think the better way to fix it is to put a check in
> xmlSecKeyInfoNodeRead itself before returning. This will
> require adjusting the callers too. I'll let you decide :)
I think you change is ok. It's not a bug actually because we do check is
key
valid or not on the next level. But this additional check would not hurt.
Aleksey
More information about the xmlsec
mailing list