You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by bu...@apache.org on 2009/08/28 19:53:26 UTC

DO NOT REPLY [Bug 47761] New: xmlns:xml namespace improperly emitted during excl c14n

https://issues.apache.org/bugzilla/show_bug.cgi?id=47761

           Summary: xmlns:xml namespace improperly emitted during excl
                    c14n
           Product: Security
           Version: Java 1.4.2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: cantor.2@osu.edu


--- Comment #0 from Scott Cantor <ca...@osu.edu> 2009-08-28 10:53:25 PDT ---
Created an attachment (id=24187)
Affected document, unsigned and signed, and a key pair used.

It appears that the c14n algorithm is outputting xmlns:xml in certain
conditions even when set to the usual/presumed value, which is improper.

A kit to help reproduce is attached.

>From exchanging email with Sean, I believe the trigger for this is probably the
poor choice (but not outright bug) of including the xml prefix in the inclusive
prefix parameter. If so, only exclusive would be broken, and only with this
trigger.

We agree that identifying the prefix there is a bad idea, but it's not illegal
and it doesn't change the algorithm, so it should get fixed here also.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

DO NOT REPLY [Bug 47761] xmlns:xml namespace improperly emitted during excl c14n

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47761

sean.mullan@sun.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from sean.mullan@sun.com 2009-10-01 14:11:30 PDT ---
Fixed in main trunk.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.