<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px"><div id="yiv5284622395"><div id="yui_3_16_0_ym19_1_1463129077336_4596"><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;" id="yui_3_16_0_ym19_1_1463129077336_4595"><div id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2728"><span></span></div><div></div><div id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2727">Hello Aleksey & thank you for reply.</div><div id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2726">I cannot see obvious error in the dump.</div><div id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2726">Can you point it out if present?</div><div id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2571"><br clear="none"></div><div id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2570">Also if indeed a digest is incorrect, would you expect the status to invalid? (rather than garbage value)</div><div id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2570"><br clear="none"></div><div id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2570">Attached is the dump.</div><div class="yiv5284622395signature" id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2456"><div id="yiv5284622395yui_3_16_0_ym19_1_1463129077336_2492"><br clear="none"></div></div> <div class="yiv5284622395qtdSeparateBR" id="yui_3_16_0_ym19_1_1463129077336_4597">Also some code that I added as a result of ID related errors of faq 3.2</div><div class="yiv5284622395qtdSeparateBR" id="yui_3_16_0_ym19_1_1463129077336_4597">This is main difference to one of your verify examples</div><div class="yiv5284622395qtdSeparateBR" id="yui_3_16_0_ym19_1_1463129077336_4597">Without this code, I get lots of errors.</div><div class="yiv5284622395qtdSeparateBR" id="yui_3_16_0_ym19_1_1463129077336_4597"><br></div><div class="yiv5284622395qtdSeparateBR" id="yui_3_16_0_ym19_1_1463129077336_4597">With it, the verification runs thru, but with the contradictory result in status. </div><div class="yiv5284622395qtdSeparateBR" id="yui_3_16_0_ym19_1_1463129077336_4597"><br></div><div class="yiv5284622395qtdSeparateBR" id="yui_3_16_0_ym19_1_1463129077336_4597">Appreciate your input. </div><div class="yiv5284622395qtdSeparateBR" id="yui_3_16_0_ym19_1_1463129077336_4597">Thank you. </div><div class="yiv5284622395yqt3295611229" id="yiv5284622395yqt23757"></div></div></div></div><div class=".yiv5284622395yahoo_quoted"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;"> <div dir="ltr"><font size="2" face="Arial"> On Friday, 13 May 2016, 2:56:22, Aleksey Sanin <aleksey@aleksey.com> wrote:<br clear="none"></font></div>  <br clear="none"><br clear="none"> <div class="yiv5284622395y_msg_container">Look through the whole dump. One of the digests is likely invalid.<br clear="none"><br clear="none">Aleksey<br clear="none"><div class="yiv5284622395yqt7784926788" id="yiv5284622395yqtfd73666"><br clear="none">On 5/12/16 2:37 PM, <a rel="nofollow" shape="rect" ymailto="mailto:moore43132@yahoo.com" target="_blank" href="mailto:moore43132@yahoo.com">moore43132@yahoo.com</a> wrote:<br clear="none">>  <br clear="none">> Hello<br clear="none">> <br clear="none">> <br clear="none">> Any thoughts on how the following can happen would be much appreciate.<br clear="none">> <br clear="none">> <br clear="none">> Have some code like this which is preceeded by creating a verify contxt<br clear="none">> etc etc just like examples::<br clear="none">> <br clear="none">> ...<br clear="none">> ...<br clear="none">>         /* print verification result to stdout */<br clear="none">>         if(dsigCtx->status == xmlSecDSigStatusSucceeded) {<br clear="none">>                 fprintf(stdout, "RESULT: Signature is OK  %d\n",<br clear="none">> dsigCtx->status);<br clear="none">>         } else {<br clear="none">>                 fprintf(stdout, "RESULT: Signature is INVALID %d\n",<br clear="none">> dsigCtx->status);<br clear="none">>         }<br clear="none">>         fprintf(stdout,<br clear="none">> "---------------------------------------------------\n");<br clear="none">> <br clear="none">> <br clear="none">>         xmlSecDSigCtxDebugDump(dsigCtx, stdout);<br clear="none">> ...<br clear="none">> ...<br clear="none">> <br clear="none">> <br clear="none">> And get the following output:<br clear="none">> <br clear="none">> <br clear="none">> RESULT: Signature is INVALID 7219120<br clear="none">> ---------------------------------------------------<br clear="none">> = VERIFICATION CONTEXT<br clear="none">> == Status: succeeded<br clear="none">> == flags: 0x0000000e<br clear="none">> == flags2: 0x00000000<br clear="none">> == Key Info Read Ctx:<br clear="none">> = KEY INFO READ CONTEXT<br clear="none">> == flags: 0x00000000<br clear="none">> == flags2: 0x00000000<br clear="none">> == enabled key data: all<br clear="none">> == RetrievalMethod level (cur/max): 0/1<br clear="none">> == TRANSFORMS CTX (status=0)<br clear="none">> == flags: 0x00000000<br clear="none">> == flags2: 0x00000000<br clear="none">> == enabled transforms: all<br clear="none">> === uri: NULL<br clear="none">> === uri xpointer expr: NULL<br clear="none">> == EncryptedKey level (cur/max): 0/1<br clear="none">> === KeyReq:<br clear="none">> ==== keyId: rsa<br clear="none">> ==== keyType: 0x00000001<br clear="none">> ==== keyUsage: 0x00000002<br clear="none">> ==== keyBitsSize: 0<br clear="none">> === list size: 0<br clear="none">> == Key Info Write Ctx:<br clear="none">> = KEY INFO WRITE CONTEXT<br clear="none">> == flags: 0x00000000<br clear="none">> == flags2: 0x00000000<br clear="none">> == enabled key data: all<br clear="none">> == RetrievalMethod level (cur/max): 0/1<br clear="none">> == TRANSFORMS CTX (status=0)<br clear="none">> == flags: 0x00000000<br clear="none">> == flags2: 0x00000000<br clear="none">> == enabled transforms: all<br clear="none">> === uri: NULL<br clear="none">> === uri xpointer expr: NULL<br clear="none">> == EncryptedKey level (cur/max): 0/1<br clear="none">> === KeyReq:<br clear="none">> ==== keyId: NULL<br clear="none">> ==== keyType: 0x00000001<br clear="none">> ==== keyUsage: 0xffffffff<br clear="none">> ==== keyBitsSize: 0<br clear="none">> === list size: 0<br clear="none">> == Signature Transform Ctx:<br clear="none">> == TRANSFORMS CTX (status=2)<br clear="none">> == flags: 0x00000000<br clear="none">> == flags2: 0x00000000<br clear="none">> == enabled transforms: all<br clear="none">> === uri: NULL<br clear="none">> === uri xpointer expr: NULL<br clear="none">> === Transform: exc-c14n (href=<a rel="nofollow" shape="rect" target="_blank" href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br clear="none">> === Transform: membuf-transform (href=NULL)<br clear="none">> === Transform: rsa-sha1 (href=<a rel="nofollow" shape="rect" target="_blank" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br clear="none">> === Transform: membuf-transform (href=NULL)<br clear="none">> == Signature Method:<br clear="none">> === Transform: rsa-sha1 (href=<a rel="nofollow" shape="rect" target="_blank" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br clear="none">> == Signature Key:<br clear="none">> == KEY<br clear="none">> === method: RSAKeyValue<br clear="none">> === key type: Public<br clear="none">> === key usage: -1<br clear="none">> === key not valid before: 1458586152<br clear="none">> === key not valid after: 1774118952<br clear="none">> === rsa key: size = 2048<br clear="none">> === list size: 1<br clear="none">> === X509 Data:<br clear="none">> ==== Key Certificate:<br clear="none">> ==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">> ==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">> ==== Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">> ==== Certificate:<br clear="none">> ==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">> ==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">> ==== Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">> == SignedInfo References List:<br clear="none">> === list size: 1<br clear="none">> = REFERENCE VERIFICATION CONTEXT<br clear="none">> == Status: succeeded<br clear="none">> == URI: "#_c4e9522ba1289864766f54df6a04eae5b77fd7c70d"<br clear="none">> == Reference Transform Ctx:<br clear="none">> == TRANSFORMS CTX (status=2)<br clear="none">> == flags: 0x00000000<br clear="none">> == flags2: 0x00000000<br clear="none">> == enabled transforms: all<br clear="none">> === uri: <br clear="none">> === uri xpointer expr: #_c4e9522ba1289864766f54df6a04eae5b77fd7c70d<br clear="none">> === Transform: xpointer (href=<a rel="nofollow" shape="rect" target="_blank" href="http://www.w3.org/2001/04/xmldsig-more/xptr">http://www.w3.org/2001/04/xmldsig-more/xptr</a>)<br clear="none">> === Transform: enveloped-signature<br clear="none">> (href=<a rel="nofollow" shape="rect" target="_blank" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>)<br clear="none">> === Transform: exc-c14n (href=<a rel="nofollow" shape="rect" target="_blank" href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br clear="none">> === Transform: membuf-transform (href=NULL)<br clear="none">> === Transform: sha1 (href=<a rel="nofollow" shape="rect" target="_blank" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br clear="none">> === Transform: membuf-transform (href=NULL)<br clear="none">> == Digest Method:<br clear="none">> === Transform: sha1 (href=<a rel="nofollow" shape="rect" target="_blank" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br clear="none">> == PreDigest data - start buffer:<br clear="none">> ....<br clear="none">> ....<br clear="none">> <br clear="none">> ....<br clear="none">> <br clear="none">> <br clear="none">> Any ideas how this could happen?<br clear="none">> <br clear="none">> The dump prints the status as being successful.<br clear="none">> This as per the setting of the dsigCtx->status in<br clear="none">> xmlSecDSigCtxDebugDump() function in xmldsig.c<br clear="none">> <br clear="none">> <br clear="none">> But how is it printing some garbage value before hand? (7219120)<br clear="none">> Why is it not initialized or set to unknown/invalid. <br clear="none">> <br clear="none">> <br clear="none">> Would appreciate any insight? No other logs/erros from the xmlsec are<br clear="none">> evident.<br clear="none">> <br clear="none">> Are there any other logs I could refer to?<br clear="none">> Would appreciate any thoughts. </div><br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> _______________________________________________<br clear="none">> xmlsec mailing list<br clear="none">> <a rel="nofollow" shape="rect" ymailto="mailto:xmlsec@aleksey.com" target="_blank" href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a><br clear="none">> <a rel="nofollow" shape="rect" target="_blank" href="http://www.aleksey.com/mailman/listinfo/xmlsec">http://www.aleksey.com/mailman/listinfo/xmlsec</a><div class="yiv5284622395yqt7784926788" id="yiv5284622395yqtfd18667"><br clear="none">> <br clear="none"></div><br clear="none"><br clear="none"></div>  </div> </div>  </div></div></body></html>