[xmlsec] "soft error" when calling xmlSecDSigValidate

Meg Morgan meg at votehere.net
Fri Feb 7 10:47:16 PST 2003


Ok, I'm baffled.

The error says:
xmlSecSignedInfoRead <..\src\xmldsig.c:1493>: error 51: invalid reference :

Sure enough, the result member of the returned xmlSecDSigResult structure
equals to xmlSecTransformStatusNone, so validation is not really succeeding,
but a status of "None" doesn't give me many clues.

I have attached my Signature file - as I understand it the Reference node
doesn't have to have any attributes as they are implied.  But could the
absence of the Id, Mimetype, or Encoding attribute be causing this problem?

Thank you for your time
meg

Meg Morgan wrote:
> 
> Thank you - I will look at the faqs.
> 
> Aleksey Sanin wrote:
> >
> > Please check section 3.1 of the FAQ:
> >     http://www.aleksey.com/xmlsec/faq.html
> > The xmlSecDSigVerify returns -1 if there is a critical error (i.e.
> > something really
> > bad happens like wrong XML structure). "Signature is not valid" is a
> > possible
> > *valid* result of this operation. In this case, we return 0 to indicate
> > that there is
> > no critical errors and in the same time, we don't verify the signature
> > because
> > result is not "ok".
> >
> > Aleksey
> >
> > Meg Morgan wrote:
> >
> > >I hit this error while checking a signature, but the return
> > >value is 0 so it doesn't really fail.
> > >
> > >xmldsig.c: 1493
> > >
> > >if((!sign) && (ref->result != xmlSecTransformStatusOk)) {
> > >            xmlSecError(XMLSEC_ERRORS_HERE,
> > >                        XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE,
> > >                        " ");
> > >            /* "soft" error */
> > >            res = 0;
> > >            goto done;
> > >}
> > >
> > >
> > >What does this really mean?
> > >
> > >Sorry to ask so many questions today ...
> > >meg
> > >
> > >
> > >
> 
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Meg Morgan                           425/450-2754
> meg at votehere.net                   http://www.votehere.net
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Meg Morgan                           425/450-2754
meg at votehere.net                   http://www.votehere.net

-------------- next part --------------
<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
<Reference>
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>hADUJo2no0WHX/b703vRc6/IvYY=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>RFwGDI7qNEyibUECgzUdbefN1eJKbh57ECwO3CisfgckZmJr3BZY4w==</SignatureValue>
<KeyInfo>
<KeyValue>
<DSAKeyValue>
<P>
h5UMKYmWO+um5e5UyRu07St1uptdgButRFRSo6bSuAdjkQOEU1zYO5/PONmqv3vR
A+6qLGDqXiS6oIig3wd3/xKW2I2jFBYACGKtNRPM57kfDcEs412zca/BOSpQkIlu
+KEW0g4jDVIhOndvWXHK8UjR4ZNpeJL4dkX0Cyo1j8s=
</P>
<Q>
pFgv8EaKYjIZIaiAqBKt273g/9E=
</Q>
<G>
SqS9ottR9dgI00qVs2wZuft62p5RMINK/4qIPD6a2hOk/8IwSV+aJ2YFs/XOIguu
4xUJErRt96Z9uBNDtCqI88BI8j6EDamRc76qrFUK6ELIz6g3Pv/3XIzL9sp61uR3
f/gnNMFbQEMWZm1QY0AGl+GICSlozC3t9NpCHdAXqKo=
</G>
<Y>
bDS9MibuXPy6ZR3yHzNLAJG0YJw4HtMq1ojHyp8//Cv5UL/ftnTIdw3K/Rcc0Qv+
eXsCk5R2tE6BViuWnxGfTn5+bH0/97G/9+nU6lOEfd/3sI7jC4puzhKyza+Wq9zI
LY2tXbMVmxehGxqwaco+bTtVavkROhgVwx3X3yllMhI=
</Y>
</DSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>


More information about the xmlsec mailing list