[xmlsec] Signaute that does not sign a node

Aleksey Sanin aleksey at aleksey.com
Mon Nov 30 08:41:46 PST 2020

Hi Tim,

I believe that technically inability to resolve a URI for a Reference
(e.g. ID in your case) should result in a failure for calculating digest
thus making the signature invalid.



On 11/25/20 7:31 PM, Timothy Legge wrote:
> Hi
> I recently had a file that had three signatures but one of the
> References in the file did not point to anything in the XML file.
> https://pastebin.com/raw/8TWV0AZW
> What does one do with that?  In my case I used the reference to look
> for a matching node with the ID set to the value of the reference.
> Since it was not in the file, I skipped processing that signature.
> I know it's a little off topic for this list but I imagine you have
> seen something similar before.
> Tim
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list