This is not an issue for openssl developers because it does not require 
fixes or changes to the openssl code.  Unfortunately I don't know of a 
list for general xml-signature questions. :(

If I cut and paste your fragment into a file and edit it to be one long 
line, I get
        ; openssl sha1 -binary </tmp/foo | openssl base64 -e
        zGmy1cl7mjWBJPXwPVeOSAlB79c=

Which doesn't match either value in your message.

I suspect that your canonicalization code is wrong.  I would edit the code 
to print out the bytestream that is sent into the SHA1 hash.

If you need production-quality XML signature code you should probably use 
whatever Apache has these days and/or the xmlsec library.

        /r$

--
STSM, Senior Security Architect
DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
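An added example, not part of the original message: one way to do the debugging step suggested above, dumping the exact bytestream that goes into SHA-1 and comparing digests before and after canonicalization. The sample XML and the helper names are constructed for illustration, and Python's standard-library C14N 2.0 serializer is an assumed stand-in for whichever canonicalization algorithm the signature actually names.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET


def digest_value(data: bytes) -> str:
    """Same result as: openssl sha1 -binary <file | openssl base64 -e"""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def canonical_bytes(xml_text: str) -> bytes:
    """Canonical UTF-8 bytes from the stdlib C14N 2.0 serializer (assumed
    stand-in; use the algorithm named in CanonicalizationMethod/Transform)."""
    return ET.canonicalize(xml_text).encode("utf-8")


def first_difference(a: bytes, b: bytes):
    """Offset of the first differing byte, or None if the streams are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def dump(label: str, data: bytes) -> None:
    """Print exactly what is hashed; repr() exposes stray whitespace and line endings."""
    print(f"{label}: {len(data)} bytes, DigestValue={digest_value(data)}")
    print(f"  {data!r}")


# Constructed sample: the same element serialized two ways. Attribute order,
# spacing inside tags and the empty-element form differ; the content does not.
AS_SENT = ('<ex:Manifest Id="m1" xmlns:ex="urn:example:constructed">'
           '<ex:Item  b="2" a="1"/></ex:Manifest>')
AS_PARSED = ('<ex:Manifest xmlns:ex="urn:example:constructed" Id="m1">'
             '<ex:Item a="1" b="2"></ex:Item></ex:Manifest>')

if __name__ == "__main__":
    raw_a, raw_b = AS_SENT.encode(), AS_PARSED.encode()
    dump("raw A", raw_a)
    dump("raw B", raw_b)
    print("raw streams first differ at byte", first_difference(raw_a, raw_b))
    dump("c14n A", canonical_bytes(AS_SENT))
    dump("c14n B", canonical_bytes(AS_PARSED))
```

If the canonical bytes printed by the signer and by the verifier differ, first_difference() points at the offset to inspect; a single trailing newline in the hashed file is enough to change the DigestValue.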
