[xmlsec] Xml Signature verification failure

Aleksey Sanin aleksey at aleksey.com
Fri Jun 20 09:16:02 PDT 2003

Thanks, Rich!


Rich Salz wrote:

>>     Although XPath selects "<Object></Object>", after c14n 
>> transforming, it will be
>>     "<Object xmlns="http://www.w3.org/2000/09/xmldsig#"></Object>".     
> That's not right.  The "default namespace" node is no different than 
> any other namespace node (except that it is assigned the name 
> "xmlns").  You have to include the namspace in your Xpath expression.
> This is a common problem -- Xpath subsetting leaves out inherited 
> namespaces.  That is why exc-c14n was created.  You should look at 
> that spec, particularly section 2
>    http://www.w3.org/TR/xml-exc-c14n/#sec-ExclusiveNeed
> It explains why c14n doesn't do what you want.
>     /r$

More information about the xmlsec mailing list