diff options
author | Aleksey Sanin <aleksey@src.gnome.org> | 2002-10-21 00:25:23 +0000 |
---|---|---|
committer | Aleksey Sanin <aleksey@src.gnome.org> | 2002-10-21 00:25:23 +0000 |
commit | 882c82c9ab0396e467eff283c2b474511026e555 (patch) | |
tree | 6b7a622d57a5cf114f478820a2c0694174213403 | |
parent | 69d6291e5d3f37e137a3c18053bed9540c2538de (diff) | |
download | xmlsec1-882c82c9ab0396e467eff283c2b474511026e555.tar.gz xmlsec1-882c82c9ab0396e467eff283c2b474511026e555.tar.bz2 xmlsec1-882c82c9ab0396e467eff283c2b474511026e555.zip |
*** empty log message ***
-rw-r--r-- | docs/faq.html | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/docs/faq.html b/docs/faq.html index f5ae276e..4bffc802 100644 --- a/docs/faq.html +++ b/docs/faq.html @@ -137,7 +137,43 @@ function returns 0 <b>and</b> the <code>result</code> member of the returned <code>xmlSecDSigResult</code> structure is equal to <code>xmlSecTransformStatusOk</code>. - + <h4>3.2. I am trying to sign an XML document and I have a warning + about "empty nodes set". Should I worry about this?</h4> + Most likely <b>yes</b>. When it's not an error from specification + point of view, I can hardly imagine a real world case that + requires signing an empty nodes set (i.e. signing an empty string). + Most likely, you have this error because you are trying to + use ID attribute and you do not provide a DTD for the document. + For example, the following Reference element: + <blockquote><code> + <?xml version="1.0" encoding="UTF-8"><br> + <Root><br> + <Data Id="1234"><br> + The data I want to sign<br> + </Data><br> + <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><br> + ...<br> + <Reference URI="#1234"><br> + ...<br> + </Reference><br> + ...<br> + </Signature><br> + </Root><br> + </code></blockquote> + always results in an empty nodes set (an an empty string signed!) unless + you have a DTD that declares <code>Id</code> attribute of the + <code>Data</code> element to be an ID attribute: + <blockquote><code> + <!DOCTYPE test [<br> + <!ATTLIST Data Id ID #IMPLIED><br> + ]><br> + </code></blockquote> + If you are using XML Security Library in your application (not the xmlsec + command line utility!) then you can do a "hack" and tell LibXML2 (and + XMLSec) which attributes are ID attributes by calling <code>xmlAddID</code> + function. However, this might make you signature non-interoperable + with other XMLDSig implementations. + <p> <p><a href="bugs.html">Aleksey Sanin</a></p> </td> </tr> |