[xmlsec] xmlsec-nss patch
aleksey at aleksey.com
Sun Jul 20 19:47:05 PDT 2003
I've looked at your changes and there is one thing that I defenetly
You are using "certutil" tool to create the nss database. But this tool
included into mozilla-nss and mozilla-nss-devel packages (read: I don't have
it on my box). Thus it makes it impossible to test nss implementation
I wonder if there is other way to create nss db directly from xmlsec.
> 11 bug fix in keys.c.
> function xmlSecKeysMngrGetKey invokes xmlSecKeyInfoNodeRead. On
> return from xmlSecKeyInfoNodeRead, it returns key if
> xmlSecKeyGetValue(key) != NULL
> That is incorrect because in xmlSecKeyInfoNodeRead, it is possible
> to have a key value even if xmlSecKeyMatch fails (see the for loop).
> I think the better way to fix it is to put a check in
> xmlSecKeyInfoNodeRead itself before returning. This will
> require adjusting the callers too. I'll let you decide :)
I think you change is ok. It's not a bug actually because we do check is
valid or not on the next level. But this additional check would not hurt.
More information about the xmlsec