[xmlsec] using xmlSecDSigCtxDebugXmlDump

Aleksey Sanin aleksey at aleksey.com
Mon Aug 24 15:46:28 PDT 2009


Lenoir,

Thanks for the test case again! I've fixed this and several
other places. I believe the XML output should be good all
the time.

Please note that I've slightly changed the certificate output
format, and it now looks more "xmlish":

<X509Data>
  <KeyCertificate>
    <SubjectName>...</SubjectName>
    <IssuerName>...</IssuerName>
    <SerialNumber>2</SerialNumber>
  </KeyCertificate>
  <Certificate>
    <SubjectName>...</SubjectName>
    <IssuerName>...</IssuerName>
    <SerialNumber>2</SerialNumber>
  </Certificate>
</X509Data>

You can find the updated version in GIT trunk.

Thanks again,

Aleksey

Lenoir Herve wrote:
> Hi,
>  
> If you are using the *xmlSecDSigCtxDebugXmlDump()* function,
> the *"=== IssuerName*" or *"==== SubjectName*" in the
> *<KeyCertificate>* and *<Certificate>* XML nodes
> could contain text with an "&", and the resulting XML dump file is
> incorrect!
>
> A bypass is to use the new function *xmlSecNodeEncodeAndSetContent()*
> in the file *openssl/x509.c*, like this:
>  
> static void
> *xmlSecOpenSSLX509CertDebugXmlDump*(X509* cert, FILE* output) {
>     char buf[1024];
>     BIGNUM *bn = NULL;
>   + char *tmp;
>   + xmlDocPtr doc;
>  
>     xmlSecAssert(cert != NULL);
>     xmlSecAssert(output != NULL);
>  
>     fprintf(output, "=== X509 Certificate\n");
>    + doc = xmlNewDoc(BAD_CAST "1.0.");
>    + X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
>    + tmp = xmlEncodeSpecialChars(doc, BAD_CAST buf);
>    + fprintf(output, "==== Subject Name: %s\n", tmp);
>    + xmlFree(tmp);
>    + X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
>    + tmp = xmlEncodeSpecialChars(doc, BAD_CAST buf);
>    + fprintf(output, "==== Issuer Name: %s\n", tmp);
>    + xmlFree(tmp);
>    + xmlFreeDoc(doc);
>  
> + /*
>     fprintf(output, "==== Subject Name: %s\n",
>          X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)));
>     fprintf(output, "==== Issuer Name: %s\n",
>          X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)));
> + */
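
Review bot: tmp returned by xmlEncodeSpecialChars() is passed straight to fprintf() with %s on both the Subject Name and Issuer Name lines without a NULL check, and the doc returned by xmlNewDoc() is not checked either, so an allocation failure in this dump path ends in a NULL string being printed. Test both return values and skip the line or return on failure, keeping xmlFreeDoc(doc) on every exit path. The version string in xmlNewDoc(BAD_CAST "1.0.") has a stray trailing dot and should read "1.0". The text above the patch names xmlSecNodeEncodeAndSetContent() while the code calls xmlEncodeSpecialChars(); say which one is intended. The two original fprintf() calls should be deleted rather than left inside a comment block.
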
>  
>  
> I think it's not a "splendid Patch" :-)
> But the XML result dump file is correct now!
>  
> Best regards 
> Hervé  
>  
>  
> 	
> *LENOIR HERVE*
> 26 rue des Pavillons
> FR92807 Puteaux Cedex
> Tél.: +33(0)1 47 17 24 60
> hlenoir at axway.com <mailto:hlenoir at axway.com> - www.axway.com

