[xmlsec] Verifying SOAP signature with the Xmlsec utility

Aleksey Sanin aleksey at aleksey.com
Mon Jun 6 10:23:00 PDT 2005


If you are using exc-c14n (and I guess you are using it because of
SOAP :) ) and you have xml attributes (e.g. xml:lang) in the signed
xml fragment then it is likely that you might be affected by the
following bug in exc c14n implementation:

http://mail.gnome.org/archives/xml/2005-June/msg00001.html

It would be really great if you can try the latest LibXML2 CVS snapshot
tomorrow and let me know if it fixes your problem.

Thanks,
Aleksey



Geir S.Eidissen wrote:
> Thanks for answering!
> 
> So, if I understand you correctly, verifying a signed SOAP message should
> work OK with the utility, given that the message is unmodified and the c14n
> implementation of the sender is correct. 
> 
> Best regards 
> Geir S. Eidissen
> 
> 
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: 17. april 2005 18:01
> To: Geir Ståle Eidissen
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] Verifying SOAP signature with the Xmlsec utility
> 
> 
> I don't think that the problem is in the xmlsec flags. It looks like
> Reference's digests do not match. The possible reasons are:
> 1) Document was modified after signature was done (intentionaly or not
> intentionaly).
> 2) There is an incompatibility between the app you used to sign document and
> xmlsec (most likely, in c14n).
> 3) Something else very bad happened.
> 
> Aleksey
> 
> 


More information about the xmlsec mailing list