Hello
Any thoughts on how the following can happen would be much appreciated.
Have some code like this, which is preceded by creating a verify context etc. etc.,
just like the examples:
......
    /* print verification result to stdout */
    if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
        fprintf(stdout, "RESULT: Signature is OK %d\n", dsigCtx->status);
    } else {
        fprintf(stdout, "RESULT: Signature is INVALID %d\n", dsigCtx->status);
    }
    fprintf(stdout, "---------------------------------------------------\n");
    xmlSecDSigCtxDebugDump(dsigCtx, stdout);
......
And get the following output:
RESULT: Signature is INVALID 7219120
---------------------------------------------------
= VERIFICATION CONTEXT
== Status: succeeded
== flags: 0x0000000e
== flags2: 0x00000000
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: rsa
==== keyType: 0x00000001
==== keyUsage: 0x00000002
==== keyBitsSize: 0
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
=== Transform: membuf-transform (href=NULL)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
=== Transform: membuf-transform (href=NULL)
== Signature Method:
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Key:
== KEY
=== method: RSAKeyValue
=== key type: Public
=== key usage: -1
=== key not valid before: 1458586152
=== key not valid after: 1774118952
=== rsa key: size = 2048
=== list size: 1
=== X509 Data:
==== Key Certificate:
==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Certificate:
==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
== SignedInfo References List:
=== list size: 1
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: "#_c4e9522ba1289864766f54df6a04eae5b77fd7c70d"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri:
=== uri xpointer expr: #_c4e9522ba1289864766f54df6a04eae5b77fd7c70d
=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
=== Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
=== Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
=== Transform: membuf-transform (href=NULL)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== PreDigest data - start buffer:........
....
Any ideas how this could happen?
The dump prints the status as being successful. This is as per the setting of the
dsigCtx->status in the xmlSecDSigCtxDebugDump() function in xmldsig.c.
But how is it printing some garbage value beforehand? (7219120) Why is it not
initialized or set to unknown/invalid?
Would appreciate any insight. No other logs/errors from the xmlsec are evident.
Are there any other logs I could refer to?
Would appreciate any thoughts.