[xmlsec] Verifying SOAP signature with the Xmlsec utility
Aleksey Sanin
aleksey at aleksey.com
Mon Jun 6 10:23:00 PDT 2005
If you are using exc-c14n (and I guess you are using it because of
SOAP :) ) and you have xml attributes (e.g. xml:lang) in the signed
xml fragment then it is likely that you might be affected by the
following bug in exc c14n implementation:
http://mail.gnome.org/archives/xml/2005-June/msg00001.html
It would be really great if you can try the latest LibXML2 CVS snapshot
tomorrow and let me know if it fixes your problem.
Thanks,
Aleksey
Geir S.Eidissen wrote:
> Thanks for answering!
>
> So, if I understand you correctly, verifying a signed SOAP message should
> work OK with the utility, given that the message is unmodified and the c14n
> implementation of the sender is correct.
>
> Best regards
> Geir S. Eidissen
>
>
>
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
> Sent: 17. april 2005 18:01
> To: Geir Ståle Eidissen
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] Verifying SOAP signature with the Xmlsec utility
>
>
> I don't think that the problem is in the xmlsec flags. It looks like
> Reference's digests do not match. The possible reasons are:
> 1) Document was modified after signature was done (intentionaly or not
> intentionaly).
> 2) There is an incompatibility between the app you used to sign document and
> xmlsec (most likely, in c14n).
> 3) Something else very bad happened.
>
> Aleksey
>
>
More information about the xmlsec
mailing list