[xmlsec] building without DTD validation support in libxml
bb at bernd-becker.de
Thu May 12 06:20:39 PDT 2005
OK, I understand your concern. It seems that the xmlsec library doesn't use
of the DTD validation stuff directly. But a conformant application would
In my case I am generating very "simple" xml signatures and I don't need it.
But I can live either with compiling libxml with dtd-validation (only about
size difference of the library) or with building just the xmlsec library
By the way, this is how I am building libxml for my xmlsec application
Do you see other "conformancy" problems with that?
--On Thursday, May 12, 2005 08:17:06 -0400 Daniel Veillard
<veillard at redhat.com> wrote:
> On Thu, May 12, 2005 at 12:48:01PM +0200, Bernd Becker wrote:
>> Hi again,
>> I am trying to build a "minimal" version of libxml and xmlsec, as I just
>> some of the xmldsig stuff.
>> So I compiled libxml2 with configure --with-valid=no (i.e. without DTD
>> validation support). Building the xmlsec application fails (the lib
>> builds fine):
>> xmlsec.o(.text+0x1cc5): In function `xmlSecAppXmlDataCreate':
>> xmlsec1-1.2.8/apps/xmlsec.c:2453: undefined reference to `xmlParseDTD'
>> xmlsec.o(.text+0x1d3f):xmlsec1-1.2.8/apps/xmlsec.c:2463: undefined
>> reference to `xmlValidateDtd'
>> So I conditionally exclude the code around "dtdFileParam" with
>> ifdef LIBXML_VALID_ENABLED, which is picked up from libxml/xmlversion.h.
>> Of course this causes all tests (with make check) that use --dtd-file
>> to fail.
>> Is that OK?
> Seems you're then building a non-conformant library, and if that's the
> case it should be forbidden. xmlsec needs DTD to have a conformant XPath
> implementation, which in turn is needed to have a conformant xmlsec
> implementation -this is a guess I didn't look precisely- and in that
> case I would prefer to see a compilation error than non-compliant build
> spreading around (guess who whould take the heat if people start to
> complain about the divergence from the standard.)
More information about the xmlsec