Re: [xml] xmlParseFile fails on xCBL 4.0 document
- From: Alexander Trishin <trial trishin com>
- To: aleksey aleksey com
- Cc: xml gnome org
- Subject: Re: [xml] xmlParseFile fails on xCBL 4.0 document
- Date: Thu, 22 Dec 2005 08:57:11 -0600
I'm terribly sorry, the issue happens at xmlSecDSigCtxSign call, not
xmlParseFile.
You are right there is no reason to execute c14n code at the parse time.
That does not eliminate the problem though...
aleksey aleksey com wrote:
I am not sure*why* c14n code executed for xmlParseFile function. But
assuming that there is a legitimate reason for this (i.e. there is another
function call) ...
C14N specification require absolute namespace URIs. Probably it is better
to do the check for known URI schemes (e.g. "http", "https", "ftp", "file")
instead of exluding few ("urn", "dav", "rrn") though it goes against usual
security practice to (exclude what you know is good vs. catch what you
know is bad).
Unfortunately, I am on vacation and will not be able to make this change till
January. You can either wait or create a patch yourself and send it to this
mailing list.
Aleksey
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]