[xmlsec] libxml2 --without-http ... and xmlsec

Roumen Petrov xmlsec at roumenpetrov.info
Fri Jul 4 04:02:27 PDT 2003

  Aleksey Sanin wrote:

> Sorry, your patch is incorrect.


> Some tests from the tests suite use
> external resources thus require HTTP support. Currently, if LibXML
> does not have http/ftp compiled in, the xmlsec fails with an error
> that indicates a problem with IO. Your patch masks the problem
> with dummy http/ftp callbacks which is wrong.

Other side effect from my patch is that test 
"merlin-xmldsig-twenty-three/signature-external-b64-dsa" can fail when 
we don't have IO error and external resource return zero(!) bytes or not 
whole document. It's really happen - I have problem with some (broken, 
heavy loaded, overloaded or ???) application servers: they return HTTP 
200 (no error) but data is zero bytes (error).
I'm not sure that user should be warned at configure time when LibXML is 
without http/ftp compiled in. Runtime IO error message ("...io function 
failed:uri"...) is good (enough).

My question, as novice for xmlsec is how important for 
"merlin-xmldsig-twenty-three/signature-external-b64-dsa" test is data 
referenced from URIs ?
As I can see URL resource is important as name(string), but what about 
content of resource ? I miss out on something.

What is relation between "<Reference URI="#object">...<Object 
Id="object">c29tZSB0ZXh0</Object>"  and "<Reference 
URI="http://www.w3.org/Signature/2002/04/xml-stylesheet.b64">", i.e. 
when I would instead of  external to use enveloping signature, how to 
compute object id, where to look in source or better to remove URI?

> Also the user might
> have reasons to compile LibXML without HTTP/FTP support because
> s/he wants to use her/his own callbacks. In this case, your dummy
> callbacks will make it harder.

Really I would like to have my own callback but not in XmlLIB rather in 
XmlSEC. I would like to sign and might to encrypt lots and lots of xml 
documents and internet connection should not affect signing and/or 
encryption process.
I discover inet conn. problem when firewall block all requests to 
outside and log it. Might my problem was <Reference URI="http://... in 
xml. Because this test environment (test xml files) is removed now I 
cannot reproduce :-( slow signing. All work fine :-) .

More information about the xmlsec mailing list