[xmlsec] Failure to encode special chars in X509SubjectName node

Cliff Hones cliff at aaisp.net.uk
Thu Mar 6 10:24:09 PST 2008

I have an X509 certificate which has an ampersand within its
"Subject" text.  When signing with this certificate, the content
of the X509SubjectName node is incorrectly set - it terminates
at the ampersand (which is not encoded as &).  Also, xmllib
reports "unterminated entity reference".

I can fix this behaviour by adding a suitable call to the routine
xmlEncodeSpecialChars in openssl/x509.c in the function

Note that xmlEncodeSpecialChars requires a "doc" as first argument,
which is not available in this routine, but in fact NULL can be
passed as the doc argument is not used.

I think this call should also be added to
for the IssuerName node, as this could also contain text with
an "&" (or indeed other special XML characters).

This problem could also be present in other places where xmlsec sets
node content to a raw string sourced from non-XML.  I haven't looked
to see if there are any other such occurrences.

Do you consider this a bug?  Should I submit it to the Gnome bugzilla?

Cliff Hones
Andrews & Arnold Ltd.

More information about the xmlsec mailing list