[xmlsec] Including comments in signatures
olavmo at stud.ntnu.no
Mon Jul 7 06:35:50 PDT 2008
when the XMLSec library processes a reference with a #WithComments
canonicalization, it doesn't include the comments in the PreDigest data.
Is this a bug or have I misunderstood how the [...]#WithComments
canonicalizations are supposed to work?
To test this I used version 1.2.11 of the XMLSec library, with the
I modified this program slightly to do a debug dump after creating the
signature. The program is attached as sign1.c, and the debug output
is attached as debug.txt. The document i tried to sign was test.xml,
which is also attached.
data.xml looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Comment! -->
And the relevant part of the debug output is this:
=== Transform: c14n-with-comments (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments)
== PreDigest data - start buffer:
== PreDigest data - end buffer
More information about the xmlsec