Looks like I have the answer -- libxmljs statically links against a version of libxml2 they package along with their code :( I must be seeing an ABI incompatibility between different versions of libxml2.

Thanks for your quick responses!
...Max...

libxml2 came from the same rpm repo as before. In fact I have what I'm pretty sure is an identical VM instance w/CentOS and same versions of libxml2 and libxmlsec1. The older version of my software -- which is a very simple Node.js binding for libxmlsec1 -- works there just fine. The code did not change between the new and old versions at all -- I have simply recompiled it against newer versions of Node.js runtime and libxml2 binding library (libxmljs). This newer version does work on my local Mint instance but, like I said, both the libxml2 and libxmlsec1 are more recent there as well. My only trail right now is possible incompatibility between libxmljs and older libxml2 OR between the documents libxmljs creates with libxml2 AND the way libxmlsec1 uses them -- the last one sounds rather fishy even to myself :(

...Max...

Weird indeed. The document and DTD look good to me but apparently the ID
attribute is not recognized. Maybe there were some changes in LibXML2?
Or maybe LibXML2 was not compiled with XPointer support?

Aleksey

On 8/23/13 9:44 AM, Max Motovilov wrote:
Happening to me in the code that's previously been working for quite a
while. Here's the document I pass via its <Signature> element into
xmlSecDSigCtxSign() :

=========
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE AuthnRequest [
<!ELEMENT AuthnRequest (#PCDATA)>
<!ATTLIST AuthnRequest ID ID #IMPLIED>
]>
<AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="login"
Destination="http://10.0.25.17:8080/cosmosDev/web/idp/SSO"
IssueInstant="2013-08-23T18:39:25Z" Version="2.0">
   <Issuer
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://10.0.26.16/ssoRequest</Issuer>

   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
     <SignedInfo>
       <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
       <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
       <Reference URI="#login">
         <Transforms>
           <Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
         </Transforms>
         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
         <DigestValue/>
       </Reference>
     </SignedInfo>
     <SignatureValue/>
   </Signature>
</AuthnRequest>
=========

and here's the traceback I get:

=========
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('login'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2395:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1226:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1286:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
=========

The document has an ID attribute declared in DTD, the value has no weird characters in it yet the id() expression fails. To add insult to injury,
this is in the code that's been working for a long time on different
versions of Linux. The problem I am seeing now is on CentOS
(2.6.32-220.23.1.el6.centos.plus.x86_64), libxmlsec1 1.2.16, libxml2
2.7.6, BUT everything has worked with this configuration (just not this
particular instance) before! The only difference I can think of is that
the XML document is now created by a different (newer) version of the
wrapper library for libxml2 (https://github.com/polotek/libxmljs) but
what could it possibly impact I don't know. Same version of the library
works for me just fine on a different system.

Ideas or advice very much appreciated!

Thanks in advance,
...Max...



_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
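
Reading the error stack quoted in this thread, as an added example (not code from the posters or from the xmlsec project): the sketch below rejoins hard-wrapped records, splits them into fields, and picks out the innermost record that is not just an `error=1` relay of a deeper xmlsec failure. The helper names `parse_error_stack` and `root_cause` are hypothetical, and the field layout is inferred only from the lines shown on this page.

```python
import re

# Constructed sample: three records from the stack quoted in this thread,
# hard-wrapped the way mail clients tend to wrap such long lines.
SAMPLE = """\
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2

library function failed:expr=xpointer(id('login'))
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec

library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec

library function failed:
"""

# Field layout assumed from the records on this page.
RECORD = re.compile(
    r"func=(?P<func>[^:]*):file=(?P<file>[^:]*):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<error>\d+):"
    r"(?P<message>[^:]*):(?P<detail>.*)"
)

def parse_error_stack(text):
    """Rejoin wrapped lines, then return one dict per well-formed record."""
    joined = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith("func=") or not joined:
            joined.append(line)          # start of a new record
        else:
            joined[-1] += " " + line     # continuation of a wrapped record
    out = []
    for m in filter(None, map(RECORD.fullmatch, joined)):
        rec = m.groupdict()
        rec["line"], rec["error"] = int(rec["line"]), int(rec["error"])
        out.append(rec)
    return out

def root_cause(records):
    """The stack is printed innermost-first; skip the error=1 records, which
    only relay 'xmlsec library function failed' from a deeper call."""
    for rec in records:
        if rec["error"] != 1:
            return rec
    return records[0] if records else None
```

On the sample, `root_cause` returns the `xmlXPtrEval` record with `expr=xpointer(id('login'))`, which places the failure inside libxml2's XPointer evaluation rather than in the signing code above it.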
