[xmlsec] Signing a document that will be altered
Aleksey Sanin
aleksey at aleksey.com
Sun Jun 29 19:19:02 PDT 2008
I highly doubt that http headers are involved in the signatures...
At least, not with xmlsec.
Aleksey
Brian.Myers at zootweb.com wrote:
>
> Hello,
> I think I'm running into a problem where the digital signature is being
> made invalid due to an http post.
> Before I send my message to serverB I encrypt it and sign it, I then
> post the message to the server.
> The post obviously adds http headers to the beginning of the message,
> such as ContentType, ContentLength, ect.
> I'm guessing that even though these headers are not inside the xml
> document, they are still affecting my digest.
>
> Is there a way to force the sign method to only sign the xml as opposed
> to the whole string? and also force
> the severB verifier to verify the xml?
>
> Thank you,
> Brian
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list