[xmlsec] X509 Data Has Empty Nodes
Aleksey Sanin
aleksey at aleksey.com
Mon Jun 6 09:43:05 PDT 2016
OK, I can repro it. It is likely there is an issue in xmlSecAddChild()
Could you please file a ticket in github? I'll take a look but since
it is harmless I am not sure "when".
Thanks,
Aleksey
On 6/6/16 9:19 AM, Sergio Garcia wrote:
> The sign3 example doesn't include the additional X509 key info, like
> subject name.
> I started with sign3 and included the subject name and what I saw is
> when the X509 has nodes, the when signing only that nodes are populated.
> When I included the subject name and certificate, I got an additional
> text node, containing only a CR. To each additional node I request, an
> additional text node is included.
> Those text nodes are been included during sign.
>
> I just changed the sign3 example to instead of just add the empty X509Data:
>
> xmlSecTmplKeyInfoAddX509Data(keyInfoNode);
> if(x509DataNode == NULL) {
> fprintf(stderr, "Error: failed to add X509Data node\n");
> goto done;
> }
>
> It include more key details:
>
> x509DataNode = xmlSecTmplKeyInfoAddX509Data(keyInfoNode);
> if(x509DataNode == NULL) {
> fprintf(stderr, "Error: failed to add X509Data node\n");
> goto done;
> }
>
> if(xmlSecTmplX509DataAddSubjectName(x509DataNode) == NULL) {
> fprintf(stderr, "Error: failed to add X509SubjectName node\n");
> goto done;
> }
>
> if(xmlSecTmplX509DataAddCertificate(x509DataNode) == NULL) {
> fprintf(stderr, "Error: failed to add X509Certificate node\n");
> goto done;
> }
>
> On Mon, Jun 6, 2016 at 1:05 PM Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
>
> Please take a look at the examples/sign3.c -- it does exactly what you
> want and doesn't print any extra lines.
>
> https://github.com/lsh123/xmlsec/blob/master/examples/sign3-res.xml
>
> Aleksey
>
> On 6/5/16 4:36 PM, Sergio Garcia wrote:
> > Hi,
> >
> > I was including the missing functions to handle X509 information when
> > signing XML files to the python-xmlsec wrapper library and noted that
> > when using the subject name I got additional empty nodes to
> X509Data node.
> >
> > This is the X509Data node right before signing the template.
> >
> > <X509Data>
> > <X509SubjectName/>
> > <X509Certificate/>
> > </X509Data>
> >
> > And this is the signed node:
> >
> > <X509Data>
> >
> > <X509Certificate>MIIE3zC...</X509Certificate>
> > <X509SubjectName>emailAddress=xmlsec at aleksey.com
> <mailto:xmlsec at aleksey.com>
> > <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>,CN=Aleksey
> Sanin,OU=Examples RSA
> > Certificate,O=XML Security Library
> > (http://www.aleksey.com/xmlsec),ST=California,C=US</X509SubjectName>
> > </X509Data>
> >
> > I put a sample for this (sign4) in my fork
> > at https://github.com/sergio-garcia/xmlsec, but I was unable to
> > determine what is causing this additional empty text nodes.
> >
> > I used Ubuntu 14.04 with the supplied libxmlsec1-dev on my tests.
> >
> > There is something that I'm probably missing?
> >
> > Thanks,
> > --
> >
> >
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> > http://www.aleksey.com/mailman/listinfo/xmlsec
> >
>
> --
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
More information about the xmlsec
mailing list