[xmlsec] invalid reference

Aleksey Sanin aleksey at aleksey.com
Wed Apr 2 06:42:35 PST 2003


Yes, you are right, it's "--print-all" in 0.0.14. I am mostly using the 
new version these days :)
I've looked at the output and I don't see any problems. XMLSec correctly 
selected
and serialized required <PARes/> node with given id. However, the digest 
claculated
by XMLSec does ot match the one calclulated by signer. There are several 
possible reasons
and I would say that most likely it's either a bug in the signer and/or 
xmlsec code (but I don't see
problems with xmlsec, it does exactly what it is supposed to) or there 
is something we don't
know about the environment where signature was calculated (for example, 
a DTD with default
attributes may change the canonicalization results and by this affect 
digest calculation).
It's very difficult to say wat exactly happen w/o having a similar 
"pre-digest" output from signer.

And again, there several over people reported similar problems. Ayhan, 
Lanre, have you found
something?

Aleksey

Ferenc Raffael wrote:

>On Tue, Apr 01, 2003 at 08:04:30AM -0800, Aleksey Sanin wrote:
>
>  
>
>>The error you have means that digests did not match. Several people
>>reported problems with version 1.0.2 of the  <ThreeDSecure/> signatures.
>>However, I don't see problem on xmlsec side (hint, use '--store-references'
>>option) which makes me think that there is a problem with one who
>>generated this signature.
>>
>>BTW, have anyone found what is the problem???
>>
>>Aleksey
>>    
>>
>
>Sorry, I haven't found any --store-references options. Which
>version do you suggest to use (I'm using 0.0.14 now)?
>
>You'll find a --print-all result attached. Could you take a
>look at it, please?
>
>  
>





More information about the xmlsec mailing list