Hi,

I committed a second big bugfix today which should now fix the problem with the signature verification for roles and PIN (CRINs) too. I worked some time ago on telco software and remembered that the line break of HTTP is \r\n.

We (OpenCA) use only \n\n, for example, to separate the content-type from the body. Perhaps Apache or the browsers fix this and other issues by simply converting all \n to \r\n because this normally does not break any HTML page.

This is not illegal because the HTML specification includes a statement about CDATA:

-----
CDATA is a sequence of characters from the document character set and may include character entities. User agents should interpret attribute values as follows:


    * Replace character entities with characters,
    * Ignore line feeds,
    * Replace each carriage return or tab with a single space.
-----

This means that we can get problems with \n in hidden fields. The big question is what "interprets" means - only displaying or a change of the internal representation too?

The last changes produce a working verification environment for me. So perhaps always use \r\n if possible to avoid interactions with browser and Apache intelligence.

I hope I don't frustrate too many testers with this summary ;)

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org
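
An added example, not part of the original message and not OpenCA's code: it shows why a signature made over text with \n stops verifying once the transport rewrites line breaks to \r\n, and how canonicalizing to \r\n on both the signing and the verifying side avoids that. HMAC-SHA256 stands in for the real signature scheme, and the key, field contents and the `browser_roundtrip` model are constructed assumptions.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key
# Constructed hidden-field content containing bare \n line breaks.
SAMPLE = "ROLE=RA Operator\nPIN=constructed-value\n"


def sign(data: bytes) -> str:
    """Stand-in signature: HMAC-SHA256 over the exact bytes."""
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def verify(data: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign(data), signature)


def to_crlf(text: str) -> str:
    """Canonicalize every line break (\\r\\n, lone \\r, lone \\n) to \\r\\n."""
    return re.sub(r"\r\n|\r|\n", "\r\n", text)


def browser_roundtrip(value: str) -> str:
    """Assumed model of the behaviour suspected in the message:
    the browser or server converts line breaks to \\r\\n in transit."""
    return to_crlf(value)


def naive_flow(text: str, transport=browser_roundtrip) -> bool:
    """Sign the raw text, verify whatever bytes come back."""
    signature = sign(text.encode())
    received = transport(text)
    return verify(received.encode(), signature)


def canonical_flow(text: str, transport=browser_roundtrip) -> bool:
    """Sign and verify the \\r\\n-canonical form, so a line-break
    rewrite in transit no longer changes the signed bytes."""
    signature = sign(to_crlf(text).encode())
    received = transport(text)
    return verify(to_crlf(received).encode(), signature)


if __name__ == "__main__":
    print("naive verification:    ", naive_flow(SAMPLE))
    print("canonical verification:", canonical_flow(SAMPLE))
```

Canonicalization only makes line-break variants equivalent; any other change to the field still fails verification.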


