[xmlsec] New xmlsec 1.2.19 release

Daniel Veillard veillard at redhat.com
Wed Mar 27 20:35:09 PDT 2013 

[ Found and patched on monday but the mail didn't reach out the list,
  sending again (problem on my side !) ]

On Sun, Mar 24, 2013 at 02:54:10PM -0700, Aleksey Sanin wrote:
> The new XML Security Library 1.2.19 adds support for DSA-SHA256,
> ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512
> and fixes a number of miscellaneous bugs.
> 
>    http://www.aleksey.com/xmlsec/download.html
> 
> Thanks to Mak Kolybabi, Roumen Petrov and everyone else for contributing
> patches and reporting bugs.

  Thanks but there is a small problem here, ECDSA is not shipped as
part of openssl (possibly for patent reasons but IANAL !) for Fedora,
and Red Hat Enterprise Linux so the build breaks with:

In file included from app.c:31:0:
../../include/xmlsec/openssl/crypto.h:204:27: fatal error:
openssl/ecdsa.h: No such file or directory

  I suppose the appropriate way to get this fixed is to do a configure
time test for the ecdsa.h header and if not found disable that part.
I see there is already a XMLSEC_NO_ECDSA define so hopefully the code
won't need to be changed. I tried quickly to see if I could provide a
fix but failed, maybe the simplest is to use the fact that if it
is explicitely disabled at compile time including <openssl/opensslconf.h>
brings back a OPENSSL_NO_ECDSA define via the
openssl/opensslconf-$arch.h , see enclosed patch, i am not sure it is
the most portable patch and possibly a bit redundant with the following
explicit setup of -DXMLSEC_NO_ECDSA=1 based on the version number,
but a double define sounds like the worse case.

 thanks,

Daniel

-- 
Daniel Veillard      | Open Source and Standards, Red Hat
veillard at redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
-------------- next part --------------
--- configure.in.old	2013-03-25 20:12:45.641324517 +0800
+++ configure.in	2013-03-25 20:16:55.455082932 +0800
@@ -508,6 +508,22 @@
 fi    
 
 if test "z$OPENSSL_FOUND" = "zyes" ; then
+    dnl Check availability of ECDSA
+    OLD_CPPFLAGS=$CPPFLAGS
+    CPPFLAGS="$OPENSSL_CFLAGS"
+
+    AC_EGREP_CPP(yes,[
+	#include <openssl/opensslconf.h>
+	#ifdef OPENSSL_NO_ECDSA
+	    yes
+	#endif
+    ],[
+	OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_NO_ECDSA=1"
+    ]) 
+    CPPFLAGS=$OLD_CPPFLAGS
+fi
+
+if test "z$OPENSSL_FOUND" = "zyes" ; then
     XMLSEC_NO_OPENSSL="0"
     if test "z$OPENSSL_VERSION" = "z0.9.6" ; then
 	OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_096=1 -DXMLSEC_NO_ECDSA=1"

More information about the xmlsec mailing list