<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
__FUNCTION__ is defined *only* inside function. According to C99 spec<br>
it has no defined in the global scope (outside any function).<br>
<br>
Aleksey<br>
<br>
Moultrie, Ferrell (ISSAtlanta) wrote:<br>
<blockquote type="cite"
cite="mid121184A7DB1F9143BB5E3FACCB548757599CD4@atlmaiexcp02.iss.local">
<pre wrap="">Igor/Aleksey:
I just tried the change below and it works with MSVC 6.0 SP4. Thanks
for explaining what that macro is all about. One other thought though ..
What about something like:
#ifdef __FUNCTION__
...
#endif
That would seem to work without being tied to a specific compiler
version or platform.
Ferrell
-----Original Message-----
From: Igor Zlatkovic [<a class="moz-txt-link-freetext" href="mailto:igor@stud.fh-frankfurt.de">mailto:igor@stud.fh-frankfurt.de</a>]
Sent: Thursday, October 10, 2002 10:46 PM
To: Aleksey Sanin
Cc: Moultrie, Ferrell (ISSAtlanta); <a class="moz-txt-link-abbreviated" href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a>
Subject: Re: [xmlsec] Verify signature after certificate expired
Hi there,
You are basically right, but first let us clear something: I don't use
Visual Studio .NET :-) I tried, but it gave me trouble with its sick
C-runtime, so I vetoed its further existence on my hard drive. I use MS
compiler which is a part of Windows XP Driver Development Kit, all of it
from the command line. I have no IDE installed, I use XEmacs for my
source-editing needs, even for .NET development :-)
Well, my compiler from the DDK has __FUNCTION__ predefined, but is far
more
recent than the one delivered with the Visual Studio 6. It can very well
be
that the VS6 compiler (version 12 and lower) doesn't know about this
macro.
My appologies. I have no way to test compilers with version numbers
other
than my own.
The offending line would then be something like
#if !defined(__GNUC__) || (_MSC_VER >= 1300)
and that should solve it. I'm now hacking something on Linux and will do
this line myself when I boot Windows again, unless done by then allready
:-)
By the way, Ferell, could you please, please test the above line with
your
compiler and confirm it is okay?
Ciao
Igor
Aleksey Sanin wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Igor made changes in the Win32 build and forgot that not everyone uses
Microsoft .Net Visual Studio :) MS VC 6.0 has no __FUNCTION__ and
this caused problems. I guess the correct path is:
326c326,327
! #if !defined(__GNUC__) && !defined(_MSC_VER)
---
! #if !defined(__GNUC__) && (!defined(_MSC_VER) || (_MSC_VER < 1300))
What do you think, Igor?
Aleksey.
Moultrie, Ferrell (ISSAtlanta) wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Aleksey:
Thanks for making these changes. I've pushed aside what I was
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->working
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">on in my application so that I can work with this change. I pulled the
XMLSec tips with your changes from CVS and built it on Win32. With one
minor problem it builds and runs without any regression errors. I
haven't yet tried the new function bit but that is next. As for the
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->one
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">build problem I had, I don't really understand the change you made but
if I put it back like it was before, everything is fine. Here's the
diff's:
diff -b backup/errors.h errors.h
326c326,327
< #if !defined(__GNUC__) && !defined(_MSC_VER)
---
</pre>
<blockquote type="cite">
<pre wrap="">#if !defined(__GNUC__)
</pre>
</blockquote>
<pre wrap="">Without removing the !defined(_MSC_VER) and allowing the following
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->line
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">...
#define __FUNCTION__
... to be compiled, I get zillions of errors complaining about
__FUNCTION__ being undefined.
If this isn't the correct change, please let me know what I'm missing
and I'll try that instead. More on the cert verification as soon as I
can figure out your example and make the appropriate changes in my
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->code
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">to do something similar.
Thanks!
Ferrell
-----Original Message-----
From: Aleksey Sanin [<a class="moz-txt-link-freetext" href="mailto:aleksey@aleksey.com">mailto:aleksey@aleksey.com</a>]
Sent: Thursday, October 10, 2002 3:53 AM
To: Moultrie, Ferrell (ISSAtlanta)
Cc: <a class="moz-txt-link-abbreviated" href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a>
Subject: Re: [xmlsec] Verify signature after certificate expired
I understand the problem with using 0.9.7 and I am waiting for it
for a very long time myself :) I've changed XMLSec library so now
this "expired certs feature" is supported for both 0.9.6 and 0.9.7.
Also I added a test case to my suite to test it. The code is not
complicated but it's new code and I would appreciate if you will
try this new feature in your environment. I would be glad to help
you and fix any bugs you find. The fixed XMLSec version should
be in tonight's snapshot or you can get it from GNOME CVS.
Thank you in advance,
Aleksey
Moultrie, Ferrell (ISSAtlanta) wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Aleksey:
I *must* have this stuff -- there's not really another way to do
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->this
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">without using a never-expiring cert from a private CA -- and that has
it's own set of risks and hazards that are commisurate with, or
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->greater
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">than, the risk you point out of not expiring a signature after it's
released. For a code and/or data signing application intended *only*
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->to
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">say that the data was valid at the time it was signed -- and should
remain valid forever -- not having a signature expire is the
proper/desired/required behavior.
For your notes below:
(1) My XML has a timestamp in a predictable format that correspond
precisely to the time of signing so this isn't an issue in my case.
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->Not
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">a problem.
(2) Yucky because this is extra work in the application which I was
avoiding -- but that's still not a big problem since verification
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->setup
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">time isn't absolutely critical to my application.
(3) I believe I understand your POV and the tradeoffs -- they just
don't change how my application *must* behave.
If you can either prototype the required code for 0.9.6g or give me
</pre>
</blockquote>
<pre wrap="">as
</pre>
<blockquote type="cite">
<pre wrap="">good a pointer as you can to what should be done and where, I'll
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->check
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">it out and test it with my application. I'm very appreciative of what
you've done so far -- but I just can't use 0.9.7 in our
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->general-release
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">applications at this time. Too much testing -- too many unknowns --
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->too
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">hard to explain if it turns out to have a critical security
issue/bug/etc. Thanks again for whatever you can do to help me move
forward. Finding out about this today is painful/inconvenient -- but
much better than finding out about it next year when all our
applications suddenly shut down. Hopefully QA would have found this
</pre>
</blockquote>
<pre wrap="">soon
</pre>
<blockquote type="cite">
<pre wrap="">(I just turned the X509 stuff over to them) but if we'd missed it, it
would have been very painful.
Ferrell
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
<br>
</body>
</html>