[xmlsec] Signature template problem with xmlsec 1.2.5

Matthias Jung matthias.jung at xtradyne.com
Wed Jun 16 03:08:37 PDT 2004


Hi all,

migrating from xmlsec 1.2.4 to 1.2.5 caused a problem with signature creation.

Using the function xmlSecTmplTransformAddXPath(...) with a namespace list as argument will create a node like:

       <ns1:XPath xmlns:ns1="urn:xxx"> 
           ancestor-or-self::ns1:xxx[1] 
       </ns1:XPath>

which is obviously in the wrong namespace.

Xmlsec 1.2.4 behaves correct, the node looks like:

       <XPath xmlns:ns1="urn:xxx">
           ancestor-or-self::ns1:xxx[1]
       </XPath>

Default namespace is dsig ns in parent node.


Diffing the transforms.c file shows that the function

    xmlSecTmplNodeWriteNsList(...) 

now (1.2.5) has one more line at the end changing the namespace of the node.
    ...
    xmlSetNs(parentNode, ns);
    ...
Commenting it out xmlsec behaves correct again.


So my question, is there any reason why this line was added to the 
function, or was it just a mistake?
I currently have no overview in which other cases the 
xmlSecTmplNodeWriteNsList(...) is used.
Removing the line at least fixes Signature template creation.


Cheers Matthias









More information about the xmlsec mailing list