Hi,
Our software is using xmlsec-1.4.1. However, we are very interested on
reproducing that canonicalization issue that showed up in 1.4.0 by replacing
1.4.1 with 1.4.0 in our software and testing.
After a quick look into the bug description and the CanonicalizerBase.java file,
we expected the issue to manifest when signing a xml piece of data that is
containing a CDATA section with scandinavian characters. For instance:
<script>
<![CDATA[
function matchwo(a,b)
{
if (a < b && a < 0) then
{
//öäå
return 1
}
else
{
//ÖÄÅ
return 0
}
}
]]>
</script>
In our tests, we send such a xml block to a servlet which will try to sign it.
But we are unable to find any problems, i.e, the signatures created with both
1.4.1 and 1.4.0 are the same.
Could anyone give us some indication?
Regards,
Rafael
