You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2010/12/07 13:02:13 UTC
[jira] Updated: (SANTUARIO-200) xmlns:xml namespace improperly
emitted during excl c14n
[ https://issues.apache.org/jira/browse/SANTUARIO-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated SANTUARIO-200:
------------------------------------------
Fix Version/s: Java 1.4.4
Assignee: (was: XML Security Developers Mailing List)
> xmlns:xml namespace improperly emitted during excl c14n
> -------------------------------------------------------
>
> Key: SANTUARIO-200
> URL: https://issues.apache.org/jira/browse/SANTUARIO-200
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.2
> Environment: Operating System: All
> Platform: All
> Reporter: Scott Cantor
> Fix For: Java 1.4.4
>
> Attachments: xmlsig_example.tgz
>
>
> Created an attachment (id=24187)
> Affected document, unsigned and signed, and a key pair used.
> It appears that the c14n algorithm is outputting xmlns:xml in certain
> conditions even when set to the usual/presumed value, which is improper.
> A kit to help reproduce is attached.
> From exchanging email with Sean, I believe the trigger for this is probably the
> poor choice (but not outright bug) of including the xml prefix in the inclusive
> prefix parameter. If so, only exclusive would be broken, and only with this
> trigger.
> We agree that identifying the prefix there is a bad idea, but it's not illegal
> and it doesn't change the algorithm, so it should get fixed here also.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.