[xmlsec] Map the existing use of xmlsec on an engine ?

zze-CIA BENARD C ext RD-MAPS-LAN cbenard.ext at orange-ftgroup.com
Thu Oct 25 09:00:05 PDT 2007


Thanks for your help.

I investigated the previous message sent by the xmlsec library in compiling it without any optimizations but with debugging informations. I took the hand on the debugger and then I trace the call stack to find out why the library failed in signing my XML stream.

Here is the call stack :

#0  xmlSecOpenSSLKeyDataRsaGetType (data=0x5231a0) at evp.c:1499
#1  0x0000002a956abdeb in xmlSecKeyDataGetType (data=0x5231a0) at keysdata.c:424
#2  0x0000002a956a8d68 in xmlSecKeyGetType (key=0x5192c0) at keys.c:730
#3  0x0000002a956a821b in xmlSecKeyReqMatchKey (keyReq=0x523970, key=0x5192c0) at keys.c:433
#4  0x0000002a956a8ce4 in xmlSecKeyMatch (key=0x5192c0, name=0x0, keyReq=0x523970) at keys.c:709
#5  0x0000002a956cba43 in xmlSecDSigCtxProcessKeyInfoNode (dsigCtx=0x523860, node=0x5233b0) at xmldsig.c:870
#6  0x0000002a956ca95f in xmlSecDSigCtxProcessSignatureNode (dsigCtx=0x523860, node=0x522130) at xmldsig.c:563
#7  0x0000002a956c9cb1 in xmlSecDSigCtxSign (dsigCtx=0x523860, tmpl=0x522130) at xmldsig.c:301
#8  0x0000000000401f65 in sign_file (xml_file=0x7fbffffa7e "./xmlsec_sign.xml.in", key_file=0x7fbffffa93 "rsa-2007") at xmlsec_sign.cpp:334
#9  0x0000000000401b16 in main (argc=3, argv=0x7fbffff808) at xmlsec_sign.cpp:112



The function xmlSecOpenSSLKeyDataRsaGetType returns xmlSecKeyDataTypePublic whereas my key is a private key. If I patch in "real time" (through the debugger) the returned value to xmlSecKeyDataTypePrivate, every thing is ok and my  XML stream is well signed.



I read a lot of threads during these lasts days about xmlsec and I found out one of them dealing with this sort of issue. Thread between Erwann ABALEA and Aleksey ;) : http://www.aleksey.com/pipermail/xmlsec/2005/002723.html



Up to you, am I in the same case (I think so) ?
Do you have a solution to fix that ?


Greetings,


Cyrille B.


-----Message d'origine-----
De : Aleksey Sanin [mailto:aleksey at aleksey.com] 
Envoyé : mercredi 24 octobre 2007 17:29
À : zze-CIA BENARD C ext RD-MAPS-LAN
Cc : xmlsec at aleksey.com
Objet : Re: [xmlsec] Map the existing use of xmlsec on an engine ?

You should probably either set key into the xmlSecDsigCtx directly or assign a key name and specify it in the template.

Aleksey



More information about the xmlsec mailing list