[xmlsec] xmlSecDSigCtxVerify fails
Aleksey Sanin
aleksey at aleksey.com
Mon Feb 1 07:35:53 PST 2010
The symbol lookup problem is again related to multiple version of
xmlsec library.
This makes me suspicious that the second problem is also caused by
mismatch of between headers and actual loaded .so library.
One more idea - try to compile xmlsec as static library w/o
dynamic loading for crypto library.
Aleksey
On 2/1/2010 4:11 AM, mahendra N wrote:
> Hi aleksey,
> Yes, there were multiple versions of library on my
> system. I have resolved the issue now. Now i get the following error
>
> xmlsec1: symbol lookup error: /usr/lib64/libxmlsec1.so.1: undefined
> symbol: xmlSecNameAESKeyValue
>
> And one more observation:
> when i try to access the following value
> dsigCtx->signMethod->status ; i get a segmentation fault on windriver
> linux(mips). but it works fine on red hat linux(x86).
> Regards,
> Mahendra Naik
>
> 2010/1/29 Aleksey Sanin <aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
>
> You have multiple versions of the library on your system.
> Incorrect LD_LIBRARY_PATH?
>
> Aleksey
>
>
> On 1/29/2010 1:24 AM, mahendra N wrote:
>
> Hi Aleksey,
> when i try to reproduce the error , i get the
> following error
> func=xmlSecCheckVersionExt:file=xmlsec.c:line=170:obj=unknown:subj=unknown:error=1:xmlsec
> library function failed:mode=abi compatible;expected minor
> version=2;real minor version=2;expected subminor version=12;real
> subminor version=11
>
> Error: loaded xmlsec library version is not compatible.
> Error: initialization failed
>
>
> Thanks and Regards,
> Mahendra Naik
> 2010/1/29 Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com> <mailto:aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>>>
>
>
> Can you reproduce the problem with xmlsec command line utility?
> Unfortunately, I don't have mips around and I can't debug
> this. It
> smells like some compilation issue either in xmlsec or openssl.
> Try to compile openssl from C code, don't use assembler. And
> also
> try to disable all the optimizations in the openssl and gcc.
>
> Aleksey
>
>
>
> On 1/28/2010 8:32 PM, mahendra N wrote:
>
> we are using xmlsec 1.2.12 to check whether a license
> file is
> tampered.
> Were are tesing it on x86, SPARC and mips.
> xmlSecDSigCtxVerify
> function
> is used to check whether the signature is valid or not.
> on x86 and
> SPARC i get the logs as :
>
> xmlSecOpenSSLEvpDigestVerify: XmlSec Error data and
> digest do
> not match (12)
>
> xmlSecDSigCtxPtr->status = xmlSecDSigStatusInvalid;
>
> but in case of mips the logs are;
>
> xmlSecOpenSSLEvpDigestVerify: XmlSec Error data and
> digest do
> not match (12)
>
> xmlSecDSigCtxPtr->status = xmlSecDSigStatusSucceeded;
>
> so tampering of license is undetected on mips.
>
>
> 2010/1/28 Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>>>
>
>
> Sorry, I don't understand. Can you provide an example?
>
> Aleksey
>
>
> On 1/28/2010 3:45 AM, mahendra N wrote:
>
> Hi,
> We are using xmlSecDSigCtxVerify API to
> check
> whether a
> license
> file is tampered. . The license file is in w3
> XML format.
> Shouldn the
> status element of xmlSecDSigCtxPtr structure
> capture the
> error
> if the
> license file is tampered. but ,its happening,
> but the
> error is
> caught by
> signKey element on x86, but the signKey accesses
> a wrong
> pointer in
> mips. how should we go about the issue..
> Thanks and Reagrds,
> Mahendra Naik
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>
>
>
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
>
More information about the xmlsec
mailing list