Jirka Kosek wrote:
Aleksey Sanin wrote:
Thanks for the tip. I investigated it little bit and in general both
ways you suggested work. The only glitch is that this doesn't work if I
use non-ASCII characters in name. This is problem because certificates
here in Czech usually contain first and last name inside certificate
subject and there are almost always some characters with accents.
Yeah, xmlsec utility is smart enough to convert command line parameters
from code page to utf8 as expected on windows. I'll take a look, should
be trivial fix.
I haven't used command line parameters, but signature template file in XML.
So it seems that there is a bug related to processing non-ASCII
characters. Also if I ask for certificate subject and issuer in a
signature template and these fields contain non-ASCII characters, I get
the following error from xmlsec:
output error : invalid character value
output error : string is not in UTF-8
This is not a bug. By default, all data in XML file are expected to be
in UTF8 encoding. If you use different encoding, then you need to
specify the encoding you use in XML prolog.
Then there is probably another problem. My files were in UTF-8 with
proper<?xml version="1.0" encoding="utf-8"?> declaration. But xmlsec
was unable to find matching key (last error msg=Cannot find object or
property). I even tried to escape Czech characters using&#...;
notation, but without success.
I'm not familiar with xmlsec internals, but I suppose that it uses
libxml2 for parsing, so input encoding should be converted to UTF-8 for
in-memory storage. So encoding of XML file shouldn't matter?
As a workaround I have tried to escape accented characters, i.e. use:
serialNumber=P111870,CN=Ing. Ji\C5\99\C3\AD Kosek,OU=1,O=Ing.
Ji\C5\99\C3\AD Kosek [I\C4\8C 71612998],C=CZ
Good workaround!
Unfortunatelly, it was *not working*.
I'm not sure that crypto libraries understand "escaping".
I believe you should be able to make it work through template by either
converting names to utf8 or specifying encoding for the xml file.
Still no success, but many thanks for help.
Jirka
May be issue is with conversion in MultiByteToWideChar. No Idea why is
CP_ACP and I don't know enough how portable is CP_UTF8 for windows OS-es.
Roumen
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
