[xmlsec] Signaute that does not sign a node
Timothy Legge
timlegge at gmail.com
Mon Nov 30 08:46:14 PST 2020
Hi Aleksey
That does make sense to me. I don't have full information about the
original XML file so I can't say if it was a problem with what was
provided to me. I am working on perl's XML::Sig and this case caught
me by surprise. I will need to get some more information on where and
how the file was generated.
Tim
On Mon, Nov 30, 2020 at 12:41 PM Aleksey Sanin <aleksey at aleksey.com> wrote:
>
> Hi Tim,
>
> I believe that technically inability to resolve a URI for a Reference
> (e.g. ID in your case) should result in a failure for calculating digest
> thus making the signature invalid.
>
> Best,
>
> Aleksey
>
> On 11/25/20 7:31 PM, Timothy Legge wrote:
> > Hi
> >
> > I recently had a file that had three signatures but one of the
> > References in the file did not point to anything in the XML file.
> >
> > https://pastebin.com/raw/8TWV0AZW
> >
> > What does one do with that? In my case I used the reference to look
> > for a matching node with the ID set to the value of the reference.
> > Since it was not in the file, I skipped processing that signature.
> >
> > I know it's a little off topic for this list but I imagine you have
> > seen something similar before.
> >
> > Tim
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec
> >
More information about the xmlsec
mailing list