[xmlsec] Verifying SOAP signature with the Xmlsec utility

Aleksey Sanin aleksey at aleksey.com
Fri Jun 10 00:02:58 PDT 2005


Good! Thanks for letting me know :)

Aleksey

Geir S. Eidissen wrote:
> Sorry for the late response. It was as you first suggested a mismatch
> between applications, and xmlsec was right. 
> Problem is now solved. There were no xml attributes in the actual message.
> 
> G.
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: 6. juni 2005 19:23
> To: Geir Ståle Eidissen; xmlsec at aleksey.com
> Subject: Re: [xmlsec] Verifying SOAP signature with the Xmlsec utility
> 
> 
> If you are using exc-c14n (and I guess you are using it because of SOAP :) )
> and you have xml attributes (e.g. xml:lang) in the signed xml fragment then
> it is likely that you might be affected by the following bug in exc c14n
> implementation:
> 
> http://mail.gnome.org/arives/xml/2005-June/msg00001.html
> 
> It would be really great if you can try the latest LibXML2 CVS snapshot
> tomorrow and let me know if it fixes your problem.
> 
> Thanks,
> Aleksey
> 
> 
> 
> Geir S.Eidissen wrote:
> 
>>Thanks for answering!
>>
>>So, if I understand you correctly, verifying a signed SOAP message 
>>should work OK with the utility, given that the message is unmodified 
>>and the c14n implementation of the sender is correct.
>>
>>Best regards
>>Geir S. Eidissen
>>
>>
>>
>>-----Original Message-----
>>From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>>Sent: 17. april 2005 18:01
>>To: Geir Ståle Eidissen
>>Cc: xmlsec at aleksey.com
>>Subject: Re: [xmlsec] Verifying SOAP signature with the Xmlsec utility
>>
>>
>>I don't think that the problem is in the xmlsec flags. It looks like 
>>Reference's digests do not match. The possible reasons are:
>>1) Document was modified after signature was done (intentionaly or not 
>>intentionaly).
>>2) There is an incompatibility between the app you used to sign 
>>document and xmlsec (most likely, in c14n).
>>3) Something else very bad happened.
>>
>>Aleksey
>>
>>
> 
> 


More information about the xmlsec mailing list