I highly doubt that http headers are involved in the signatures...
At least, not with xmlsec.
Aleksey
[EMAIL PROTECTED] wrote:
Hello,
I think I'm running into a problem where the digital signature is being
made invalid due to an http post.
Before I send my message to serverB I encrypt it and sign it, I then
post the message to the server.
The post obviously adds http headers to the beginning of the message,
such as ContentType, ContentLength, ect.
I'm guessing that even though these headers are not inside the xml
document, they are still affecting my digest.
Is there a way to force the sign method to only sign the xml as opposed
to the whole string? and also force
the severB verifier to verify the xml?
Thank you,
Brian
------------------------------------------------------------------------
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
