You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by bu...@apache.org on 2009/08/28 19:53:26 UTC
DO NOT REPLY [Bug 47761] New: xmlns:xml namespace improperly emitted
during excl c14n
https://issues.apache.org/bugzilla/show_bug.cgi?id=47761
Summary: xmlns:xml namespace improperly emitted during excl
c14n
Product: Security
Version: Java 1.4.2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: cantor.2@osu.edu
--- Comment #0 from Scott Cantor <ca...@osu.edu> 2009-08-28 10:53:25 PDT ---
Created an attachment (id=24187)
Affected document, unsigned and signed, and a key pair used.
It appears that the c14n algorithm is outputting xmlns:xml in certain
conditions even when set to the usual/presumed value, which is improper.
A kit to help reproduce is attached.
>From exchanging email with Sean, I believe the trigger for this is probably the
poor choice (but not outright bug) of including the xml prefix in the inclusive
prefix parameter. If so, only exclusive would be broken, and only with this
trigger.
We agree that identifying the prefix there is a bad idea, but it's not illegal
and it doesn't change the algorithm, so it should get fixed here also.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 47761] xmlns:xml namespace improperly emitted
during excl c14n
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47761
sean.mullan@sun.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from sean.mullan@sun.com 2009-10-01 14:11:30 PDT ---
Fixed in main trunk.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.