[xmlsec] [EGB] There might be a BUG on the XMLSec Library...

EGB:STONEROSES at MATRIX (Blusjune Jung / Daum.net) blusjune at daum.net
Mon Dec 23 06:53:09 PST 2002

Hi~ :)

I've tested all XML DSig examples.
Each test was successful.
But, there's one suspicious test result:

By use of program xmlsec(1) automatically installed by XMLSec library,
I was trying to verify the signed XML document
``test.xml'' located at http://www.aleksey.com/xmlsec/examples/dsig3/test.xml
(this file is also included in XMLSec library distribution
 at docs/examples/dsig3/test.xml)

But the result is the very operation failure,
	not a verification failure.

Here's the dump of that test result :

-----BEGIN DUMP-----
[EGBX:dsig3 (533)]$ xmlsec verify --print-all test.xml 
xmlSecTransformStateParseUri (transforms.c:1181): error 4: xml operation failed : xmlXPtrEval(xpointer(id('SomeData'))) 
xmlSecTransformStateCreate (transforms.c:881): error 2: xmlsec operation failed : xmlSecTransformStateParseUri(#xpointer(id('SomeData'))) 
xmlSecReferenceRead (xmldsig.c:1602): error 2: xmlsec operation failed : xmlSecTransformStateCreate 
xmlSecSignedInfoRead (xmldsig.c:1476): error 2: xmlsec operation failed : xmlSecReferenceRead - -1 
xmlSecSignatureRead (xmldsig.c:1175): error 2: xmlsec operation failed : xmlSecSignedInfoRead - -1 
xmlSecDSigValidate (xmldsig.c:733): error 2: xmlsec operation failed : xmlSecSignatureRead - -1 
Error: operation failed
-----END DUMP-----

I think that this problematic situation may be caused by
the bug of XPointer module(evaluation).
What do you think about it?

Is it really a serious bug?
Has it been reported before?
How can I solve this problem?

To be a rock, and not to roll. 

-x-x-[?]EGB:STONEROSES at MATRIX[!]-x-x- 
| blusjune at EGBSD | ^_^ | stoneroses | 
$ NAME=\
$ "Blusjune Jung <blusjune at daum.net>"
$ PGPKEYID="0xF1F2FD37" 
-x-x-x Eternal Golden Blusjune x-x-x-

More information about the xmlsec mailing list