Hm... I was under the impression that xmlNodeSetContent() does the encoding
internally. I guess I was wrong. Let me research this. There are other
places in xmlsec where xmlNodeSetContent() is used. All these places
need to encode & and other special characters.
Thanks for the bug report!
Aleksey
Cliff Hones wrote:
I have an X509 certificate which has an ampersand within its
"Subject" text. When signing with this certificate, the content
of the X509SubjectName node is incorrectly set - it terminates
at the ampersand (which is not encoded as &amp;). Also, xmllib
reports "unterminated entity reference".
I can fix this behaviour by adding a suitable call to the routine
xmlEncodeSpecialChars in openssl/x509.c in the function
xmlSecOpenSSLX509SubjectNameNodeWrite
Note that xmlEncodeSpecialChars requires a "doc" as first argument,
which is not available in this routine, but in fact NULL can be
passed as the doc argument is not used.
I think this call should also be added to
xmlSecOpenSSLX509IssuerSerialNodeWrite
for the IssuerName node, as this could also contain text with
an "&" (or indeed other special XML characters).
This problem could also be present in other places where xmlsec sets
node content to a raw string sourced from non-XML. I haven't looked
to see if there are any other such occurrences.
Do you consider this a bug? Should I submit it to the Gnome bugzilla?
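The failure mode reported in this thread, as an added stand-alone example (not xmlsec or libxml2 code, and not part of either message): a check that finds the `&` an XML parser would treat as an unterminated entity reference, and the escaping that has to happen before a raw certificate string becomes node content. The subject string is constructed, and `first_bare_ampersand` and `escape_special` are hypothetical helpers that stand in for the library encoder.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Offset of the first '&' not starting a complete reference (&name; &#N; &#xH;), else -1. */
static long first_bare_ampersand(const char *s)
{
    for (const char *p = s; (p = strchr(p, '&')) != NULL; p++) {
        const char *q = p + 1, *start;
        if (*q == '#') {
            int hex = (q[1] == 'x');
            start = (q += hex ? 2 : 1);
            while (hex ? isxdigit((unsigned char)*q) : isdigit((unsigned char)*q)) q++;
        } else {
            start = q;
            if (isalpha((unsigned char)*q) || *q == '_' || *q == ':')
                while (isalnum((unsigned char)*q) || (*q && strchr("_-.:", *q))) q++;
        }
        if (q == start || *q != ';') return (long)(p - s);
    }
    return -1;
}

/* Hypothetical stand-in for an XML text encoder: escapes & < > ". Caller frees. */
static char *escape_special(const char *raw)
{
    char *out = malloc(strlen(raw) * 6 + 1), *w = out;   /* worst case: '"' -> "&quot;" */
    if (out == NULL) return NULL;
    for (; *raw; raw++) {
        const char *rep = *raw == '&' ? "&amp;" : *raw == '<' ? "&lt;" :
                          *raw == '>' ? "&gt;"  : *raw == '"' ? "&quot;" : NULL;
        if (rep) w += sprintf(w, "%s", rep);
        else *w++ = *raw;
    }
    *w = '\0';
    return out;
}

int main(void)
{
    const char *subject = "CN=Smith & Sons,O=R&D";   /* constructed sample */
    char *esc = escape_special(subject);
    if (esc == NULL) return 1;
    printf("raw:     %s  (bare '&' at %ld)\n", subject, first_bare_ampersand(subject));
    printf("escaped: %s  (bare '&' at %ld)\n", esc, first_bare_ampersand(esc));
    free(esc);
    return 0;
}
```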