Ok, I'm baffled. The error says: xmlSecSignedInfoRead <..\src\xmldsig.c:1493>: error 51: invalid reference :
Sure enough, the result member of the returned xmlSecDSigResult structure equals to xmlSecTransformStatusNone, so validation is not really succeeding, but a status of "None" doesn't give me many clues. I have attached my Signature file - as I understand it the Reference node doesn't have to have any attributes as they are implied. But could the absence of the Id, Mimetype, or Encoding attribute be causing this problem? Thank you for your time meg Meg Morgan wrote: > > Thank you - I will look at the faqs. > > Aleksey Sanin wrote: > > > > Please check section 3.1 of the FAQ: > > http://www.aleksey.com/xmlsec/faq.html > > The xmlSecDSigVerify returns -1 if there is a critical error (i.e. > > something really > > bad happens like wrong XML structure). "Signature is not valid" is a > > possible > > *valid* result of this operation. In this case, we return 0 to indicate > > that there is > > no critical errors and in the same time, we don't verify the signature > > because > > result is not "ok". > > > > Aleksey > > > > Meg Morgan wrote: > > > > >I hit this error while checking a signature, but the return > > >value is 0 so it doesn't really fail. > > > > > >xmldsig.c: 1493 > > > > > >if((!sign) && (ref->result != xmlSecTransformStatusOk)) { > > > xmlSecError(XMLSEC_ERRORS_HERE, > > > XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE, > > > " "); > > > /* "soft" error */ > > > res = 0; > > > goto done; > > >} > > > > > > > > >What does this really mean? > > > > > >Sorry to ask so many questions today ... > > >meg > > > > > > > > > > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Meg Morgan 425/450-2754 > [EMAIL PROTECTED] http://www.votehere.net > _______________________________________________ > xmlsec mailing list > [EMAIL PROTECTED] > http://www.aleksey.com/mailman/listinfo/xmlsec -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Meg Morgan 425/450-2754 [EMAIL PROTECTED] http://www.votehere.net
<?xml version="1.0"?> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> <Reference> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>hADUJo2no0WHX/b703vRc6/IvYY=</DigestValue> </Reference> </SignedInfo> <SignatureValue>RFwGDI7qNEyibUECgzUdbefN1eJKbh57ECwO3CisfgckZmJr3BZY4w==</SignatureValue> <KeyInfo> <KeyValue> <DSAKeyValue> <P> h5UMKYmWO+um5e5UyRu07St1uptdgButRFRSo6bSuAdjkQOEU1zYO5/PONmqv3vR A+6qLGDqXiS6oIig3wd3/xKW2I2jFBYACGKtNRPM57kfDcEs412zca/BOSpQkIlu +KEW0g4jDVIhOndvWXHK8UjR4ZNpeJL4dkX0Cyo1j8s= </P> <Q> pFgv8EaKYjIZIaiAqBKt273g/9E= </Q> <G> SqS9ottR9dgI00qVs2wZuft62p5RMINK/4qIPD6a2hOk/8IwSV+aJ2YFs/XOIguu 4xUJErRt96Z9uBNDtCqI88BI8j6EDamRc76qrFUK6ELIz6g3Pv/3XIzL9sp61uR3 f/gnNMFbQEMWZm1QY0AGl+GICSlozC3t9NpCHdAXqKo= </G> <Y> bDS9MibuXPy6ZR3yHzNLAJG0YJw4HtMq1ojHyp8//Cv5UL/ftnTIdw3K/Rcc0Qv+ eXsCk5R2tE6BViuWnxGfTn5+bH0/97G/9+nU6lOEfd/3sI7jC4puzhKyza+Wq9zI LY2tXbMVmxehGxqwaco+bTtVavkROhgVwx3X3yllMhI= </Y> </DSAKeyValue> </KeyValue> </KeyInfo> </Signature>
