[xmlsec] New xmlsec 1.2.19 release

Daniel Veillard veillard at redhat.com
Wed Mar 27 20:35:09 PDT 2013

[ Found and patched on monday but the mail didn't reach out the list,
  sending again (problem on my side !) ]

On Sun, Mar 24, 2013 at 02:54:10PM -0700, Aleksey Sanin wrote:
> The new XML Security Library 1.2.19 adds support for DSA-SHA256,
> and fixes a number of miscellaneous bugs.
>    http://www.aleksey.com/xmlsec/download.html
> Thanks to Mak Kolybabi, Roumen Petrov and everyone else for contributing
> patches and reporting bugs.

  Thanks but there is a small problem here, ECDSA is not shipped as
part of openssl (possibly for patent reasons but IANAL !) for Fedora,
and Red Hat Enterprise Linux so the build breaks with:

In file included from app.c:31:0:
../../include/xmlsec/openssl/crypto.h:204:27: fatal error:
openssl/ecdsa.h: No such file or directory

  I suppose the appropriate way to get this fixed is to do a configure
time test for the ecdsa.h header and if not found disable that part.
I see there is already a XMLSEC_NO_ECDSA define so hopefully the code
won't need to be changed. I tried quickly to see if I could provide a
fix but failed, maybe the simplest is to use the fact that if it
is explicitely disabled at compile time including <openssl/opensslconf.h>
brings back a OPENSSL_NO_ECDSA define via the
openssl/opensslconf-$arch.h , see enclosed patch, i am not sure it is
the most portable patch and possibly a bit redundant with the following
explicit setup of -DXMLSEC_NO_ECDSA=1 based on the version number,
but a double define sounds like the worse case.



Daniel Veillard      | Open Source and Standards, Red Hat
veillard at redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
-------------- next part --------------
--- configure.in.old	2013-03-25 20:12:45.641324517 +0800
+++ configure.in	2013-03-25 20:16:55.455082932 +0800
@@ -508,6 +508,22 @@
 if test "z$OPENSSL_FOUND" = "zyes" ; then
+    dnl Check availability of ECDSA
+    AC_EGREP_CPP(yes,[
+	#include <openssl/opensslconf.h>
+	    yes
+	#endif
+    ],[
+    ]) 
+if test "z$OPENSSL_FOUND" = "zyes" ; then
     if test "z$OPENSSL_VERSION" = "z0.9.6" ; then

More information about the xmlsec mailing list