[xmlsec] New xmlsec 1.2.19 release
veillard at redhat.com
Wed Mar 27 20:35:09 PDT 2013
[ Found and patched on monday but the mail didn't reach out the list,
sending again (problem on my side !) ]
On Sun, Mar 24, 2013 at 02:54:10PM -0700, Aleksey Sanin wrote:
> The new XML Security Library 1.2.19 adds support for DSA-SHA256,
> ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512
> and fixes a number of miscellaneous bugs.
> Thanks to Mak Kolybabi, Roumen Petrov and everyone else for contributing
> patches and reporting bugs.
Thanks but there is a small problem here, ECDSA is not shipped as
part of openssl (possibly for patent reasons but IANAL !) for Fedora,
and Red Hat Enterprise Linux so the build breaks with:
In file included from app.c:31:0:
../../include/xmlsec/openssl/crypto.h:204:27: fatal error:
openssl/ecdsa.h: No such file or directory
I suppose the appropriate way to get this fixed is to do a configure
time test for the ecdsa.h header and if not found disable that part.
I see there is already a XMLSEC_NO_ECDSA define so hopefully the code
won't need to be changed. I tried quickly to see if I could provide a
fix but failed, maybe the simplest is to use the fact that if it
is explicitely disabled at compile time including <openssl/opensslconf.h>
brings back a OPENSSL_NO_ECDSA define via the
openssl/opensslconf-$arch.h , see enclosed patch, i am not sure it is
the most portable patch and possibly a bit redundant with the following
explicit setup of -DXMLSEC_NO_ECDSA=1 based on the version number,
but a double define sounds like the worse case.
Daniel Veillard | Open Source and Standards, Red Hat
veillard at redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
-------------- next part --------------
--- configure.in.old 2013-03-25 20:12:45.641324517 +0800
+++ configure.in 2013-03-25 20:16:55.455082932 +0800
@@ -508,6 +508,22 @@
if test "z$OPENSSL_FOUND" = "zyes" ; then
+ dnl Check availability of ECDSA
+ #include <openssl/opensslconf.h>
+ #ifdef OPENSSL_NO_ECDSA
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_NO_ECDSA=1"
+if test "z$OPENSSL_FOUND" = "zyes" ; then
if test "z$OPENSSL_VERSION" = "z0.9.6" ; then
OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_096=1 -DXMLSEC_NO_ECDSA=1"
More information about the xmlsec