[xmlsec] building without DTD validation support in libxml
Bernd Becker
bb at bernd-becker.de
Thu May 12 06:20:39 PDT 2005
OK, I understand your concern. It seems that the xmlsec library doesn't use
any
of the DTD validation stuff directly. But a conformant application would
need to.
In my case I am generating very "simple" xml signatures and I don't need it.
But I can live either with compiling libxml with dtd-validation (only about
64K
size difference of the library) or with building just the xmlsec library
(without
the apps).
By the way, this is how I am building libxml for my xmlsec application
(dsig only):
--with-catalog=no \
--with-debug=no \
--with-docbook=no \
--with-ftp=no \
--with-html=no \
--with-http=no \
--with-iconv=no \
--with-legacy=no \
--with-pattern=no \
--with-python=no \
--with-schemas=no \
--with-xinclude=no \
--with-zlib=no \
--with-modules=no \
--with-regexps=no \
Do you see other "conformancy" problems with that?
Thanks,
Bernd
--On Thursday, May 12, 2005 08:17:06 -0400 Daniel Veillard
<veillard at redhat.com> wrote:
> On Thu, May 12, 2005 at 12:48:01PM +0200, Bernd Becker wrote:
>> Hi again,
>>
>> I am trying to build a "minimal" version of libxml and xmlsec, as I just
>> need
>> some of the xmldsig stuff.
>> So I compiled libxml2 with configure --with-valid=no (i.e. without DTD
>> validation support). Building the xmlsec application fails (the lib
>> builds fine):
>>
>> xmlsec.o(.text+0x1cc5): In function `xmlSecAppXmlDataCreate':
>> xmlsec1-1.2.8/apps/xmlsec.c:2453: undefined reference to `xmlParseDTD'
>> xmlsec.o(.text+0x1d3f):xmlsec1-1.2.8/apps/xmlsec.c:2463: undefined
>> reference to `xmlValidateDtd'
>>
>> So I conditionally exclude the code around "dtdFileParam" with
>> ifdef LIBXML_VALID_ENABLED, which is picked up from libxml/xmlversion.h.
>>
>> Of course this causes all tests (with make check) that use --dtd-file
>> to fail.
>>
>> Is that OK?
>
> Seems you're then building a non-conformant library, and if that's the
> case it should be forbidden. xmlsec needs DTD to have a conformant XPath
> implementation, which in turn is needed to have a conformant xmlsec
> implementation -this is a guess I didn't look precisely- and in that
> case I would prefer to see a compilation error than non-compliant build
> spreading around (guess who whould take the heat if people start to
> complain about the divergence from the standard.)
>
> Daniel
More information about the xmlsec
mailing list