> The problem of invalid references arises in xmlsec-c code base when > either a document has a single signature whose reference URI is some > child node of the document or when the root node has a signature AND > some child node of the document has a signature. (Validation with xerces > 2.7 always comes out correct)
If you're validating, that might be your problem, but most of the issues around that were fixed in Xerces-C 2.7. Earlier versions would require that you disable data type normalization, and that would break any nested signature cases where you were signing base-64. But I would try disabling validation and make sure that's not involved. Otherwise, what you want to do is actually get a trace of the octet string being digested in C++ and compare that XML to what you think the c14n should produce. -- Scott
