[xmlsec] Signaute that does not sign a node
Aleksey Sanin
aleksey at aleksey.com
Mon Nov 30 08:41:46 PST 2020
Hi Tim,
I believe that technically inability to resolve a URI for a Reference
(e.g. ID in your case) should result in a failure for calculating digest
thus making the signature invalid.
Best,
Aleksey
On 11/25/20 7:31 PM, Timothy Legge wrote:
> Hi
>
> I recently had a file that had three signatures but one of the
> References in the file did not point to anything in the XML file.
>
> https://pastebin.com/raw/8TWV0AZW
>
> What does one do with that? In my case I used the reference to look
> for a matching node with the ID set to the value of the reference.
> Since it was not in the file, I skipped processing that signature.
>
> I know it's a little off topic for this list but I imagine you have
> seen something similar before.
>
> Tim
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
More information about the xmlsec
mailing list