Bug 118636 – xmlsec-nss: writing complex X509Data nodes is not supported

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 118636 - xmlsec-nss: writing complex X509Data nodes is not supported


Summary:	xmlsec-nss: writing complex X509Data nodes is not supported


Status:	RESOLVED FIXED

Product:	xmlsec
Classification:	Other
Component:	xmlsec-nss
Version:	1.1.0
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Aleksey Sanin
QA Contact:	Aleksey Sanin

URL:
Whiteboard:

Depends on:	118633
Blocks:

Reported:	2003-07-30 03:31 UTC by Aleksey Sanin
Modified:	2010-04-26 21:46 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
the fix for xmlsec-nss (33.13 KB, patch) 2003-08-05 02:48 UTC, Aleksey Sanin	none	Details \| Review

Description Aleksey Sanin 2003-07-30 03:31:15 UTC

Need to implement support for X509Data node children in the template as it
is done in xmlsec-openssl:

  - Read X509Data node and create a bits mask of its children
  (cert, subject, serial, ski, crl).
  - If mask is 0 (no children) then set cert and crl bits to simulate
  current behaiviour (write certs and crls in empty X509Data node).
  - Remove X509Data node content.
  - Walk thru the list of certificates and write cert and/or subject and/or
  serial and/or ski according to bits mask.
  - If crls bit is set walk thru the list of crls and write them out.
  

I.e., we want support templates like:

Comment 1 Aleksey Sanin 2003-07-30 03:31:50 UTC

Templates like: 

<X509Data>
   <X509SubjectName/>
</X509Data>

Comment 2 Roumen Petrov 2003-07-30 10:36:50 UTC

Implementation should remove X509Data SUBnode only when its content is
white-space string.

Comment 3 Aleksey Sanin 2003-08-05 02:48:00 UTC

Created attachment 18914 [details] [review]
the fix for xmlsec-nss

Comment 4 Aleksey Sanin 2003-08-05 02:49:27 UTC

The fix above does most of the job. The final step requires some
changes in NSS which are tracked in bug #118633. The patch is checked
in the trunk and should be in xmlsec 1.1.1 release.

Checking in ChangeLog;
/cvs/gnome/xmlsec/ChangeLog,v  <--  ChangeLog
new revision: 1.126; previous revision: 1.125
done
Checking in include/xmlsec/Makefile.am;
/cvs/gnome/xmlsec/include/xmlsec/Makefile.am,v  <--  Makefile.am
new revision: 1.35; previous revision: 1.34
done
Checking in include/xmlsec/x509.h;
/cvs/gnome/xmlsec/include/xmlsec/x509.h,v  <--  x509.h
new revision: 1.23; previous revision: 1.22
done
Checking in src/Makefile.am;
/cvs/gnome/xmlsec/src/Makefile.am,v  <--  Makefile.am
new revision: 1.39; previous revision: 1.38
done
Checking in src/x509.c;
/cvs/gnome/xmlsec/src/x509.c,v  <--  x509.c
new revision: 1.23; previous revision: 1.22
done
Checking in src/nss/README;
/cvs/gnome/xmlsec/src/nss/README,v  <--  README
new revision: 1.4; previous revision: 1.3
done
Checking in src/nss/x509.c;
/cvs/gnome/xmlsec/src/nss/x509.c,v  <--  x509.c
new revision: 1.3; previous revision: 1.2
done
Checking in src/openssl/x509.c;
/cvs/gnome/xmlsec/src/openssl/x509.c,v  <--  x509.c
new revision: 1.40; previous revision: 1.39
done
Checking in tests/keys.xml;
/cvs/gnome/xmlsec/tests/keys.xml,v  <--  keys.xml
new revision: 1.170; previous revision: 1.169
done
Checking in win32/Makefile.msvc;
/cvs/gnome/xmlsec/win32/Makefile.msvc,v  <--  Makefile.msvc
new revision: 1.18; previous revision: 1.17
done

Comment 5 Aleksey Sanin 2010-04-26 21:46:35 UTC

fixed