[xmlsec] Xml Signature verification failure
Aleksey Sanin
aleksey at aleksey.com
Fri Jun 20 09:16:02 PDT 2003
Thanks, Rich!
Aleksey
Rich Salz wrote:
>> Although XPath selects "<Object></Object>", after c14n
>> transforming, it will be
>> "<Object xmlns="http://www.w3.org/2000/09/xmldsig#"></Object>".
>
>
> That's not right. The "default namespace" node is no different than
> any other namespace node (except that it is assigned the name
> "xmlns"). You have to include the namspace in your Xpath expression.
>
> This is a common problem -- Xpath subsetting leaves out inherited
> namespaces. That is why exc-c14n was created. You should look at
> that spec, particularly section 2
> http://www.w3.org/TR/xml-exc-c14n/#sec-ExclusiveNeed
> It explains why c14n doesn't do what you want.
> /r$
>
More information about the xmlsec
mailing list