Ha-ha... it's always linker's fault :)

Aleksey

On 8/23/13 10:40 AM, Max Motovilov wrote:
> Looks like I have the answer -- libxmljs statically links against a
> version of libxml2 they package along with their code :( I must be
> seeing an ABI incompatibility between different versions of libxml2
>
> Thanks for your quick responses!
> ...Max...
>
>> libxml2 came from the same rpm repo as before. In fact I have what I'm
>> pretty sure is an identical VM instance w/CentOS and same versions of
>> libxml2 and libxmlsec1. The older version of my software -- which is a
>> very simple Node.js binding for libxmlsec1 -- works there just fine.
>> The code did not change between the new and old versions at all -- I
>> have simply recompiled it against newer versions of Node.js runtime
>> and libxml2 binding library (libxmljs). This newer version does work
>> on my local Mint instance but, like I said, both the libxml2 and
>> libxmlsec1 are more recent there as well. My only trail right now is
>> possible incompatibility between libxmljs and older libxml2 OR between
>> the documents libxmljs creates with libxml2 AND the way libxmlsec1
>> uses them -- the last one sounds rather fishy even to myself :(
>>
>> ...Max...
>>
>>> Weird indeed. The document and DTD look good to me but apparently ID
>>> attribute is not recognized. Maybe there were some changes in LibXML2?
>>> Or maybe LibXML2 was not compiled with XPointer support?
>>>
>>> Aleksey
>>>
>>> On 8/23/13 9:44 AM, Max Motovilov wrote:
>>>> Happening to me in the code that's previously been working for quite a
>>>> while. Here's the document I pass via its <Signature> element into
>>>> xmlSecDSigCtxSign() :
>>>>
>>>> =========
>>>> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
>>>> <!DOCTYPE AuthnRequest [
>>>>   <!ELEMENT AuthnRequest (#PCDATA)>
>>>>   <!ATTLIST AuthnRequest ID ID #IMPLIED>
>>>> ]>
>>>> <AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="login"
>>>>     Destination="http://10.0.25.17:8080/cosmosDev/web/idp/SSO"
>>>>     IssueInstant="2013-08-23T18:39:25Z" Version="2.0">
>>>>   <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://10.0.26.16/ssoRequest</Issuer>
>>>>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>>>     <SignedInfo>
>>>>       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>>>>       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>>>       <Reference URI="#login">
>>>>         <Transforms>
>>>>           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>>         </Transforms>
>>>>         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>>>         <DigestValue/>
>>>>       </Reference>
>>>>     </SignedInfo>
>>>>     <SignatureValue/>
>>>>   </Signature>
>>>> </AuthnRequest>
>>>> =========
>>>>
>>>> and here's the traceback I get:
>>>>
>>>> =========
>>>> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('login'))
>>>> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2395:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1226:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
>>>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1286:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
>>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
>>>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
>>>> =========
>>>>
>>>> The document has an ID attribute declared in DTD, the value has no weird
>>>> characters in it yet the id() expression fails. To add insult to injury,
>>>> this is in the code that's been working for a long time on different
>>>> versions of Linux. The problem I am seeing now is on CentOS
>>>> (2.6.32-220.23.1.el6.centos.plus.x86_64), libxmlsec1 1.2.16, libxml2
>>>> 2.7.6, BUT everything has worked with this configuration (just not this
>>>> particular instance) before! The only difference I can think of is that
>>>> the XML document is now created by a different (newer) version of the
>>>> wrapper library for libxml2 (https://github.com/polotek/libxmljs) but
>>>> what could it possibly impact I don't know. Same version of the library
>>>> works for me just fine on a different system.
>>>>
>>>> Ideas or advice very much appreciated!
>>>>
>>>> Thanks in advance,
>>>> ...Max...
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> [email protected]
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
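
The diagnosis reached in the thread above (libxmljs carrying its own statically linked libxml2 next to the system copy that libxmlsec1 uses) can be checked from symbol tables. The following is an added example, not part of the original thread or of either project: it scans `nm -D` listings for libxml2 API symbols defined by more than one module in the same process. The module names and listings are constructed sample input, the `xml`/`xmlSec` prefix filter is a heuristic, and it assumes the bundled copy's symbols are exported rather than hidden.

```python
import re
from collections import defaultdict

# Constructed `nm -D` listings; module names and addresses are illustrative.
NM_OUTPUT = {
    "libxmljs.node": """\
0000000000041a10 T xmlAddID
0000000000039c40 T xmlNewDoc
0000000000052330 T xmlParseMemory
""",
    "libxml2.so.2": """\
000000000004f120 T xmlAddID
000000000004e8b0 T xmlGetID
0000000000047d00 T xmlNewDoc
00000000000c1a90 T xmlXPtrEval
""",
    "libxmlsec1.so.1": """\
                 U xmlGetID
                 U xmlXPtrEval
0000000000021f50 T xmlSecDSigCtxSign
""",
}
LINE = re.compile(r"^(?:[0-9a-fA-F]+)?\s+([A-Za-z])\s+(\S+)$")

def parse_nm(text):
    """Return (defined, imported) sets of libxml2 API symbols."""
    defined, imported = set(), set()
    for m in filter(None, map(LINE.match, text.splitlines())):
        # Drop any symbol-version suffix such as name@VERSION.
        kind, name = m.group(1), m.group(2).split("@")[0]
        # Heuristic (assumption): libxml2 exports xml*, xmlsec exports xmlSec*.
        if name.startswith("xml") and not name.startswith("xmlSec"):
            (imported if kind in "Uwv" else defined).add(name)
    return defined, imported

def duplicate_providers(nm_by_module):
    """Map each libxml2 symbol defined by more than one module to its definers."""
    providers = defaultdict(set)
    for module, text in nm_by_module.items():
        for name in parse_nm(text)[0]:
            providers[name].add(module)
    return {s: sorted(m) for s, m in sorted(providers.items()) if len(m) > 1}

def shared_copy_consumers(nm_by_module):
    """Modules that import libxml2 symbols instead of carrying their own copy."""
    return sorted(m for m, t in nm_by_module.items() if parse_nm(t)[1])

if __name__ == "__main__":
    print(duplicate_providers(NM_OUTPUT))
    print(shared_copy_consumers(NM_OUTPUT))
```

On a live system the listings would come from running `nm -D` on the addon's `.node` file and on the shared libraries that `ldd` reports for it.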
