Discussion:
[xmlsec] C14n failure with relative namespace
Lenoir Herve
2010-01-10 07:48:03 UTC
Permalink
I, Aleksey,
When, I try to Sign a XML Client file with transform exclusive canonicalization, I have this error :

<FEN0029A xmlns="FEN0029A">
^
C14N error : Relative namespace UR is invalid here : (null)

It seems, it's a libxml2 C14n error...
For libxml2 this namespace is a "relative namespace" (a deprecated namespace)
When I modify the XML input file and add "urn:"
<FEN0029A xmlns="FEN0029A"> to <FEN0029A xmlns="urn:FEN0029A">
It works fine !

My problem is :
1) the Client can't modify the XML file provided (created by an external product)
2) I can't omit the canonicalization (my security policies doesn't permit it)

Do you know other solution to resolve my problem ?

Best regards,
Herv?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20100110/4e0f60ce/attachment.html>
Aleksey Sanin
2010-01-13 06:03:54 UTC
Permalink
From XML C14N spec (http://www.w3.org/TR/xml-c14n)


Note: This specification supports the recent XML plenary decision to
deprecate relative namespace URIs as follows: implementations of XML
canonicalization MUST report an operation failure on documents
containing relative namespace URIs. XML canonicalization MUST NOT be
implemented with an XML parser that converts relative URIs to absolute URIs.

Sorry.

Aleksey
*<FEN0029A xmlns="FEN0029A">
^
C14N error : Relative namespace UR is invalid here : (null)*
It seems, it's a libxml2 *C14n* error...
Loading...