From 882c82c9ab0396e467eff283c2b474511026e555 Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Mon, 21 Oct 2002 00:25:23 +0000 Subject: *** empty log message *** --- docs/faq.html | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/docs/faq.html b/docs/faq.html index f5ae276e..4bffc802 100644 --- a/docs/faq.html +++ b/docs/faq.html @@ -137,7 +137,43 @@ function returns 0 and the result member of the returned xmlSecDSigResult structure is equal to xmlSecTransformStatusOk. - +

3.2. I am trying to sign an XML document and I have a warning + about "empty nodes set". Should I worry about this?

+ Most likely yes. When it's not an error from specification + point of view, I can hardly imagine a real world case that + requires signing an empty nodes set (i.e. signing an empty string). + Most likely, you have this error because you are trying to + use ID attribute and you do not provide a DTD for the document. + For example, the following Reference element: +
+ <?xml version="1.0" encoding="UTF-8">
+ <Root>
+   <Data Id="1234">
+     The data I want to sign
+   </Data>
+   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+   ...
+     <Reference URI="#1234">
+     ...
+     </Reference>
+   ...
+   </Signature>
+ </Root>
+
+ always results in an empty nodes set (an an empty string signed!) unless + you have a DTD that declares Id attribute of the + Data element to be an ID attribute: +
+ <!DOCTYPE test [
+  <!ATTLIST Data Id ID #IMPLIED>
+ ]>
+
+ If you are using XML Security Library in your application (not the xmlsec + command line utility!) then you can do a "hack" and tell LibXML2 (and + XMLSec) which attributes are ID attributes by calling xmlAddID + function. However, this might make you signature non-interoperable + with other XMLDSig implementations. +

Aleksey Sanin
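Review bot: The sample document in the new 3.2 answer cannot be used as written, and it does not line up with the DTD snippet that follows it. The declaration `<?xml version="1.0" encoding="UTF-8">` is missing its closing `?>`. The internal subset is opened with `<!DOCTYPE test [` although the root element of the example is `Root`. `Id="1234"` is not a legal value for an attribute declared as type ID, because ID values must be XML names and cannot start with a digit. A reader who pastes the two pieces together will get parse or validity errors before reaching the signing step. Suggest closing the declaration with `?>`, using `<!DOCTYPE Root [`, and switching the example to something like `Id="data-1234"` with `URI="#data-1234"`. The question heading calls the message a warning while the answer says "you have this error"; it would help to use one term and to say outright that in this case the signature does not cover the Data element at all. The xmlAddID paragraph should mention that the verifying application needs the same ID registration, which is the interoperability problem the last sentence hints at. Typos in the added text: "an an empty string signed" and "make you signature". The log message is empty; a one-line subject naming the new FAQ entry would make the history searchable.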

-- cgit v1.2.3