[xmlsec] core methods for write of <X509SubjectName/> and <X509IssuerSerial/>

Aleksey Sanin aleksey at aleksey.com
Fri Jul 18 09:03:36 PDT 2003

> Please check http://roumenpetrov.info/tmp/xmlsec/ for the files.
> About patch:
> - please review new methods - they are release candidates;
> - all other is very early release, even before alpha version ;-).

0) I absolutely do not like the code in xmlSecOpenSSLKeyDataX509XmlWrite()
function. As I explained before using static variable is wrong idea and
using numeric constants instead of defines is really bad code style.
1) xmlSecOpenSSLX509NameWrite() function: xmlMalloc may fail. You need
to check that returned pointer is not NULL and return an error if it's 
the case.
2) xmlSecOpenSSLASN1IntegerWrite() function: the ASN1_INTEGER_to_BN()
may return NULL. Instead of assert you should use if() to check the result.
Also I wonder why do you use '_xxx' variable? Why do you need '_'?
2) xmlSecOpenSSLASN1IntegerWrite() function: The function returns
xmlChar* allocated using OpenSSL function BN_bn2dec(). This is wrong!
xmlChar* is assumed to be allocated with one of LibXML2 malloc functions
and is freed with xmlFree. If there is a different memory callbacks 
in LibXML2 this code would crash.
3) testDSig.sh: I don't see reasons to modify existing tests. The right 
way is to add
new tests to the suite to test new functionality.

IMHO, the better approach would be:
0) At the very beggining of the xmlSecOpenSSLKeyDataX509XmlWrite()
function you read the <X509Data/> node content and determine what do you 
to write (certs, subject names, ...) based on the content of <X509Data/> 
and the xmlSecKeyInfoCtx flags.
1) Create separate methods like:
2) Call one these methods from the for() loop in 
for each cert in the keys data.
3) Determine if you want to write CRLs 
flag in the xmlSecKeyInfoCtx and call the new
function for each CRL in xmlSecOpenSSLX509Data if needed.

Tej, I wonder if it would be possible to mirror this in NSS code. What 
do you think?


More information about the xmlsec mailing list