[xmlsec] xmlsec-nss patch

Aleksey Sanin aleksey at aleksey.com
Sun Jul 20 19:47:05 PDT 2003


Tej,

I've looked at your changes and there is one thing that I definitely don't like.
You are using the "certutil" tool to create the nss database. But this tool is not
included in the mozilla-nss and mozilla-nss-devel packages (read: I don't have
it on my box). Thus it makes it impossible for me to test the nss implementation.
I wonder if there is another way to create the nss db directly from xmlsec.

> 11 bug fix in keys.c.
> function xmlSecKeysMngrGetKey invokes xmlSecKeyInfoNodeRead. On
> return from xmlSecKeyInfoNodeRead, it returns key if
> xmlSecKeyGetValue(key) != NULL
>
> That is incorrect because in xmlSecKeyInfoNodeRead, it is possible
> to have a key value even if xmlSecKeyMatch fails (see the for loop).
>
> I think the better way to fix it is to put a check in
> xmlSecKeyInfoNodeRead itself before returning. This will
> require adjusting the callers too. I'll let you decide :)

I think your change is ok. It's not actually a bug because we do check whether the
key is valid or not on the next level. But this additional check would not hurt.


Aleksey




