[xmlsec] Failure to encode special chars in X509SubjectName node

Cliff Hones cliff at aaisp.net.uk
Thu Mar 6 10:24:09 PST 2008


I have an X509 certificate which has an ampersand within its
"Subject" text.  When signing with this certificate, the content
of the X509SubjectName node is incorrectly set - it terminates
at the ampersand (which is not encoded as &amp;).  Also, xmllib
reports "unterminated entity reference".

I can fix this behaviour by adding a suitable call to the routine
xmlEncodeSpecialChars in openssl/x509.c in the function
     xmlSecOpenSSLX509SubjectNameNodeWrite

Note that xmlEncodeSpecialChars requires a "doc" as first argument,
which is not available in this routine, but in fact NULL can be
passed as the doc argument is not used.

I think this call should also be added to
      xmlSecOpenSSLX509IssuerSerialNodeWrite
for the IssuerName node, as this could also contain text with
an "&" (or indeed other special XML characters).

This problem could also be present in other places where xmlsec sets
node content to a raw string sourced from non-XML.  I haven't looked
to see if there are any other such occurrences.

Do you consider this a bug?  Should I submit it to the Gnome bugzilla?

-- 
Cliff Hones
Andrews & Arnold Ltd.
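
The escaping step proposed in the message above, as an added stand-alone C example that is not part of the original post and is not xmlsec or libxml2 code. `escape_xml_text` and `first_bare_ampersand` are hypothetical helpers: a simplified stand-in for the xmlEncodeSpecialChars call and for the parser's entity-reference check. The subject string is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: escape XML-special characters in a raw certificate
 * string before it is used as node content. Caller frees the result. */
char *escape_xml_text(const char *raw)
{
    /* Worst case: every input byte expands to 6 bytes (&quot;). */
    char *out = malloc(strlen(raw) * 6 + 1), *q = out;
    if (out == NULL) return NULL;
    for (const char *p = raw; *p != '\0'; p++) {
        switch (*p) {
        case '&': q += sprintf(q, "&amp;");  break;
        case '<': q += sprintf(q, "&lt;");   break;
        case '>': q += sprintf(q, "&gt;");   break;
        case '"': q += sprintf(q, "&quot;"); break;
        default:  *q++ = *p;                 break;
        }
    }
    *q = '\0';
    return out;
}

/* Hypothetical helper (simplified check): offset of the first '&' that does
 * not begin a reference of the form &name; or &#123;, or -1 if there is none. */
long first_bare_ampersand(const char *s)
{
    const char *p = s;
    while ((p = strchr(p, '&')) != NULL) {
        const char *r = p + 1;
        if (*r == '#') r++;
        const char *start = r;
        while (isalnum((unsigned char)*r)) r++;
        if (r == start || *r != ';') return (long)(p - s);
        p = r + 1;
    }
    return -1;
}

int main(void)
{
    const char *subject = "CN=signer,O=Andrews & Arnold Ltd.,C=GB"; /* constructed */
    char *safe = escape_xml_text(subject);
    if (safe == NULL) return 1;
    printf("raw:     bare '&' at offset %ld\n", first_bare_ampersand(subject));
    printf("escaped: %s (bare '&': %ld)\n", safe, first_bare_ampersand(safe));
    free(safe);
    return 0;
}
```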