Where can I get a list of the known C14N bugs in XMLSec 1.3.0? I have a problem where one of my unit tests is incorrectly failing due to a pattern like the following:
<ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"; URI="#47b38f3b"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256";></ds:DigestMethod> <ds:DigestValue>qZhbpRF5y9PMnNsegBonsB1UTNjt3dE/t4P/NbFvFIE=</ds:DigestValue> </ds:Reference> ... <ds:SignatureProperties Id="47b38f3b"> <!-- I'm just a little black raincloud... --> <ds:SignatureProperty ... The comment has been programatically added to the SignatureProperties node to prove that comments aren't included in the digested data. If I take out the carriage return after the comment, the test passes as expected. With the newline, it fails. My understanding of C14N without comments is that this code is in error. Am I right? Was this fixed in a later version? (Is there a newer version that doesn't have any regressions in it? The general bug history seems to indicate the answer is 'no') Thanks, -- - Jason
