RubyGems - xmlsec-shim - Versions diffs - 1.2.18.1 - Mend

xmlsec-shim 1.2.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (969) hide show

data/vendor/xmlsec1-1.2.18/docs/c14n.html ADDED

@@ -0,0 +1,73 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Canonicalization</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="Center">
+<h2>Canonical XML / Exclusive Canonical XML</h2>
+</div>
+<p>
+Both <a href="http://www.w3.org/TR/xmldsig-core">XML Signature</a>
+ and <a href="http://www.w3.org/TR/xmlenc-core/">XML
+Encryption</a>
+ use XML Canonicalization standards to produce canonical form of the original
+XML document. Except for limitations regarding a few unusual cases, if two
+documents have the same canonical form, then the two documents are logically
+equivalent within the given application context. Implementation of both these
+standards were included in libxml2 library because these algorithms could
+be interested for other applications as well.
+</p>
+<ul>
+<li>
+<a href="http://www.w3.org/TR/xml-c14n">Canonical XML 1.0</a>
+   (included in libxml2)</li>
+<li>
+<a href="http://www.w3.org/TR/xml-exc-c14n">Exclusive Canonical XML 1.0</a>
+   (included in libxml2)</li>
+<li>
+<a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML 1.1</a>
+   (included in libxml2)</li>
+</ul>
+</td></tr></table></td>
+</tr></table></body>
+</html>

data/vendor/xmlsec1-1.2.18/docs/documentation.html ADDED

@@ -0,0 +1,65 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Documentation</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center">
+            <h1>Documentation</h1>
+            </div>
+<ul>
+<li>
+<a href="related.html#books">Books</a><br>
+</li>
+              <li><a href="faq.html">F.A.Q.</a></li>
+              <li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+              <li>
+                <a href="api/xmlsec-reference.html">API Reference Manual</a>
+(automaticaly generated from sources using gtk-doc utility)</li>
+              <li><a href="api/xmlsec-examples.html">Examples</a></li>
+              <li><a href="xmlsec-man.html">xmlsec utility man page</a></li>
+              <li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing
+list archive</a></li>
+            </ul>
+</td></tr></table></td>
+</tr></table></body>
+</html>

data/vendor/xmlsec1-1.2.18/docs/download.html ADDED

@@ -0,0 +1,115 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Download</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="Center">
+      <h1>Download</h1>
+      </div>
+<h2>Stable releases.</h2>
+<p>The latest stable XML Security Library version is <b>1.2.18</b>:</p>
+<ul>
+<li>
+        <a href="http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.18.tar.gz">Sources
+	for latest version</a>.
+    </li>
+    <li>
+	<a href="http://www.zlatkovic.com/projects/libxml/index.html">Windows
+	binaries</a> for XMLSec Library (as well as LibXML2, LibXSLT and OpenSSL)
+	from <a href="mailto:igor@zlatkovic.com">Igor Zlatkovic</a>.
+    </li>
+    <li>XMLSec Library is included as part of Debian GNU/Linux. For more
+	information see the <a href="http://memebeam.org/toys/DebianXmlsec">coordination page</a>.
+    </li>
+    <li>XMLSec Library <a href="http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/xmlsec/">FreeBSD</a>
+	and <a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/security/xmlsec/">OpenBSD</a>
+	ports.
+    </li>
+</ul>
+<p>The <a href="ftp://ftp.aleksey.com/pub/xmlsec/releases/">previous releases</a> are also available.</p>
+<h2>Requirements</h2>
+<p>
+    The XML Security Library requires:
+    </p>
+<ul>
+<li><a href="http://xmlsoft.org/downloads.html">LibXML</a></li>
+    <li>
+<a href="http://xmlsoft.org/XSLT/downloads.html">LibXSLT</a> (optional)</li>
+</ul>
+<p>and one of the following cryptographic libraries:</p>
+<ul>
+<li>
+<a href="http://www.openssl.org/">OpenSSL</a> version 0.9.8
+	(it also should work with 0.9.7 and 0.9.6 but some features
+	would be disabled).
+        </li>
+	<li>
+<a href="http://www.gnu.org/software/gnutls/">GnuTLS</a>
+	</li>
+	<li>
+<a href="http://www.gnu.org/directory/security/libgcrypt.html">Libgcrypt</a>
+	</li>
+        <li>
+<a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a> -
+	Mozilla cryptographic library.
+	</li>
+    </ul>
+<h2>Installation (source archive)</h2>
+<p>
+      All steps are usual:<br></p>
+<blockquote>
+<code>gunzip -c xmlsec1-xxx.tar.gz | tar xvf -</code><br><code>cd xmlsec1-xxxx</code><br><code>./configure --help</code><br><code>./configure [possible options] </code><br><code>make</code><br><code>make install</code><br><code>make check</code>
+</blockquote>
+<p>
+       The last step is optional and requires Internet connection to execute
+       some tests.<br></p>
+<h2>GIT</h2>
+<p>XML Security Library is available from the
+<a href="http://live.gnome.org/Git/Developers">Gnome GIT</a>
+(the module name is <b>xmlsec</b>). The online XMLSec
+<a href="http://git.gnome.org/cgit/xmlsec">source browser</a>
+is also available.
+</p>
+</td></tr></table></td>
+</tr></table></body>
+</html>

data/vendor/xmlsec1-1.2.18/docs/faq.html ADDED

@@ -0,0 +1,449 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Documentation</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center">
+            <h1>Frequently Asked Questions</h1>
+            </div>
+<h3>0. Where can I read more about XML Signature and XML
+Encryption?</h3>
+<p>First of all, read the original specifications: <a href="http://www.w3.org/Signature/">XML Digital Signature</a> and <a href="http://www.w3.org/Encryption/">XML Encrytpion</a>. Also there <a href="related.html#books">several books</a> available that can
+help you get started.<br></p>
+<h3>1. License(s).</h3>
+<h4> <a name="section_1_1"></a>1.1. Licensing Terms for
+xmlsec.</h4>
+<p> XML Security Library is released under the <a href="http://www.opensource.org/licenses/mit-license.html">MIT License</a>,
+see the file Copyright in the distribution for the precise wording. </p>
+<h4> <a name="section_1_2"></a>1.2. Can I use xmlsec with
+proprietary application or
+library? Can I use xmlsec with a GNU GPL application or library?</h4>
+<p>Probably, you will need to ask a lawyer. But not-a-lawyer answer
+can be found in the following table:
+</p>
+<table style="text-align: left; width: 85%; margin-left: auto; margin-right: auto;" border="1" cellpadding="2" cellspacing="2"><tbody>
+<tr>
+<td style="vertical-align: top; font-weight: bold;">XML
+Security Library module<br>
+</td>
+                  <td style="vertical-align: top; font-weight: bold;">Dependencies<br>
+</td>
+                  <td style="vertical-align: top; font-weight: bold;">Dependencies
+License<br>
+</td>
+                  <td style="vertical-align: top; font-weight: bold;">Using
+with proprietary
+applications/libraries<br>
+</td>
+                  <td style="vertical-align: top; font-weight: bold;">Using
+with MIT/BSD applications/libraries <br>
+</td>
+                  <td style="vertical-align: top; font-weight: bold;">Using
+with GPL
+applications/libraries<br>
+</td>
+                </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-core<br>
+</td>
+                  <td style="vertical-align: top;">
+<a href="http://xmlsoft.org">LibXML2</a>/<a href="http://xmlsoft.org/XSLT">LibXSLT</a>
+                  </td>
+                  <td style="vertical-align: top;"><a href="http://www.opensource.org/licenses/mit-license.html">MIT License</a></td>
+                  <td style="vertical-align: top;">Yes.<br>
+</td>
+                  <td style="vertical-align: top;">Yes.<br>
+</td>
+                  <td style="vertical-align: top;">Yes.<br>
+</td>
+                </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-openssl (also
+requires
+xmlsec-core library)<br>
+</td>
+                  <td style="vertical-align: top;"><a href="http://www.openssl.org">OpenSSL<br></a></td>
+                  <td style="vertical-align: top;">OpenSSL License<br>
+</td>
+                  <td style="vertical-align: top;">Yes.<br>
+</td>
+                  <td style="vertical-align: top;">Yes.</td>
+                  <td style="vertical-align: top;">May be. <a href="http://www.openssl.org/support/faq.cgi#LEGAL2">OpenSSL FAQ</a>
+states that OpenSSL library is covered by a <a href="http://www.gnu.org/licenses/gpl-faq.html#WritingFSWithNFLibs">special
+GPL exception</a> thus it could be used in GPLed
+applications/libraries. However, some people think that this is not
+true (<a href="http://lists.debian.org/debian-legal/2002/debian-legal-200210/msg00173.html">one</a>
+and <a href="http://lists.debian.org/debian-legal/2002/debian-legal-200205/msg00127.html">two</a>).
+                  </td>
+                </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-gnutls (also
+requires
+xmlsec-core library) </td>
+                  <td style="vertical-align: top;">
+<a href="http://www.gnu.org/software/gnutls/">GnuTLS</a><br>
+</td>
+                  <td style="vertical-align: top;">
+<a href="http://www.opensource.org/licenses/gpl-license.php">GPL</a><br>
+</td>
+                  <td style="vertical-align: top;">Yes, but only if
+the application is not distributed.<br>
+</td>
+                  <td style="vertical-align: top;">Yes.</td>
+                  <td style="vertical-align: top;">Yes.<br>
+</td>
+                </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-gcrypt (also
+requires
+xmlsec-core library) </td>
+                  <td style="vertical-align: top;">
+<a href="http://www.gnupg.org/">LibGCrypt</a><br>
+</td>
+                  <td style="vertical-align: top;">
+<a href="http://www.opensource.org/licenses/gpl-license.php">GPL</a><br>
+</td>
+                  <td style="vertical-align: top;">Yes, but only if
+the application is not distributed.<br>
+</td>
+                  <td style="vertical-align: top;">Yes.</td>
+                  <td style="vertical-align: top;">Yes.<br>
+</td>
+                </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-nss (also
+requires
+xmlsec-core library) </td>
+                  <td style="vertical-align: top;">
+<a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a><br>
+</td>
+                  <td style="vertical-align: top;">Dual licensing: <a href="http://www.opensource.org/licenses/mozilla1.0.php">Mozilla
+Public License</a> and <a href="http://www.opensource.org/licenses/gpl-license.php">GPL</a> </td>
+                  <td style="vertical-align: top;">Yes.<br>
+</td>
+                  <td style="vertical-align: top;">Yes.</td>
+                  <td style="vertical-align: top;">Probably yes, but at
+the time I
+am writing this there are some <a href="http://bugzilla.mozilla.org/show_bug.cgi?id=217162">unresolved
+issues</a>.<br>
+</td>
+                </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-mscrypto
+(also requires
+xmlsec-core library) </td>
+                  <td style="vertical-align: top;">
+<a href="http://msdn.microsoft.com/security/">MSCrypto API</a><br>
+</td>
+                  <td style="vertical-align: top;">Microsoft licensing:
+The libraries are part of MS Windows, and are also distributed with
+Internet Explorer. </td>
+                  <td style="vertical-align: top;">Unknown.<br>
+</td>
+                  <td style="vertical-align: top;">Unknown.</td>
+                  <td style="vertical-align: top;">Unknown.</td>
+                </tr>
+</tbody></table>
+<p>If you have questions about XML Security Library
+licensing then feel free to send these questions to the <a href="bugs.html">mailing list</a>.<br></p>
+<h3>2. Installation.</h3>
+<h4> <a name="section_2_1"></a>2.1. Where can I get xmlsec?</h4>
+<p> The original distribution comes from <a href="http://www.aleksey.com/xmlsec/">XML Security Library page</a>.
+</p>
+<h4> <a name="section_2_2"></a>2.2. How to compile xmlsec?</h4>
+<p> On Unix just follow the "standard": </p>
+<blockquote> <code>gunzip -c xmlsec-xxx.tar.gz | tar xvf -</code><br><code>cd xmlsec-xxxx</code><br><code>./configure --help</code><br><code>./configure [possible options] </code><br><code>make</code><br><code>make check</code><br><code>make install</code> </blockquote>
+<p> At that point you may have to rerun ldconfig or similar
+utility to update your list of installed shared libs.<br>
+On Windows the process is more complicated. Please check readme file in
+            <code>xmlsec-xxxx/win32</code> folder. </p>
+<h4> <a name="section_2_3"></a>2.3. What other libraries
+are
+needed to compile/install
+xmlsec?</h4>
+<p> The XML Security Library requires: </p>
+<ul>
+<li><a href="http://xmlsoft.org/downloads.html">LibXML</a></li>
+              <li>
+<a href="http://xmlsoft.org/XSLT/downloads.html">LibXSLT</a>
+(optional)</li>
+            </ul>
+<ul>
+<li> <a href="http://www.openssl.org/">OpenSSL</a>
+version
+0.9.7 (prefered or later) or version 0.9.6. </li>
+<li>
+<a href="http://www.gnu.org/software/gnutls/">GnuTLS</a>
+</li>
+<li>
+<a href="http://www.gnu.org/directory/security/libgcrypt.html">Libgcrypt</a>
+</li>
+<li>
+<a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a> -
+Mozilla cryptographic library. </li>
+            </ul>
+<h4> <a name="section_2_4"></a>2.4. Why does make check
+fail
+for some tests?</h4>
+<p> First of all, some tests <b>must</b> fail! Please read
+the messages printed before the tests.<br>
+If you have other failed tests then the next possible reason is that
+you use OpenSSL 0.9.6 and some xmlsec features are disabled in this
+case. Please try to upgrade to OpenSSL 0.9.7 and
+re-configure/re-compile xmlsec.<br>
+if this does not help then probably there is a bug in the xmlsec or in
+the xmlsec tests. Please submit the <a href="http://www.aleksey.com/xmlsec/bugs.html">bug report</a> and I'll
+try to fix it. </p>
+<h4> <a name="section_2_5"></a>2.5. I get the xmlsec
+sources
+from CVS and there is no
+configure script. Where can I get it?</h4>
+<p> The configure (and other Makefiles) are generated. Use
+the <code>autogen.sh</code> script to regenerate the configure and
+Makefiles, like: </p>
+<blockquote> <code>./autogen.sh --prefix=/usr</code> </blockquote>
+<h4> <a name="section_2_6"></a>2.6. I do not need all
+these
+features supported by
+xmlsec. Can I disable some of them?</h4>
+<p> Yes, you can. Please run <code>./configure --help</code>
+for the list of possible configuration options. </p>
+<h4> <a name="section_2_7"></a>2.7. I am compiling XMLSec
+library on Windows and it
+does not compile (crashes right after the launch). Can you help me?</h4>
+<p> There are several possible reasons why you might have
+problems on Windows. All of them originated in the MS C compiler/linker
+and are specific to Windows. Thanks to Igor Zlatkovic for writing these
+long explanations. </p>
+<p> <b>1) Incorrect MS C runtime libraries.</b> </p>
+<p>Windows basically has two C runtimes. The one is called
+libc.lib and can only be linked to statically. The other is called
+msvcrt.dll and can only be linked to dynamically. The first one occurs
+in its single-threaded and multithreaded variant, which gives three
+different runtimes. These three then live in their debug and release
+incarnations, which results in six C runtimes. Worse, different versions
+of Microsoft Visual C/C++ have different runtimes (e.g. MSVC 6.0
+runtime is not compatible with .NET 2003 runtime). The rule is simple:
+exactly the same runtime must be used throughout the application.
+Client code must use the same runtime as XMLSec, LibXML, LibXSLT,
+OpenSSL or any other library used.<br>
+If you downloaded XMLSec, LibXML, LibXSLT and OpenSSL binaries from
+Igor's <a href="http://www.zlatkovic.com/projects/libxml/index.html">page</a>
+then all libraries are all linked to msvcrt.dll (Multithreaded DLL; /MD
+compiler switch). The click-next click-finish wizardry from Visual
+Studio chooses the single-threaded libc.lib as the default when you
+create a new project. And this causes great problems because you
+program crashes on first IO operation, first malloc/free from different
+runtimes or something even more trivial.<br>
+Do not forget that tf you need a different runtime for some reason,
+then you MUST recompile not only XMLSec, but LibXML, LibXSLT and
+OpenSSL as well. </p>
+<p> <b>2) Static linking without correct defines.</b> </p>
+<p>When people link statically to XMLSec, then they must <code>#define
+XMLSEC_STATIC</code> in their source files before including any XMLSec
+header. Almost none is doing that :) This macro has no effect on Unix,
+but it is vital on Windows.<br>
+This applies to LibXML and LibXSLT as well, no matter if these are used
+directly or not. If just XMLSec is used, but everything is linked
+statically, then there must be a </p>
+<blockquote><code> #define LIBXML_STATIC<br>
+#define LIBXSLT_STATIC<br>
+#define XMLSEC_STATIC<br></code></blockquote>
+<p> before any xmlsec header is included. Even if the
+client code doesn't call into libxml at all, still this must be
+defined. XMLSec headers will include LibXML headers and they must have
+these definitions. Without them, every variable XMLSec includes from
+LibXML headers will have <code>__declspec(dllimport)</code> prepended
+and that will give headaches if static LibXML is used for linking.<br>
+This scheme makes it possible to have any combination of static and
+dynamic libraries in the resulting executable. Its cost is the need to <code>#define</code>
+apropriate macros. People would ideally define them by using the
+compiler's <code>/D</code> switch in projects that link statically. </p>
+<h3>3. Developing with XMLSec.</h3>
+<h4> <a name="section_3_1"></a>3.1.
+xmlSecDSigCtxValidate()
+function returned 0. Does
+this mean that the signature is valid?</h4>
+<b>No!</b><p> Function xmlSecDSigCtxValidate() returns 0 when there
+were no <i>processing</i> errors during signature validation (i.e. the
+document has correct syntax, all keys were found, etc.). The signature
+is valid if and only if the xmlSecDSigCtxValidate() function returns 0 <b>and</b>
+the <code>status</code> member of the <code>xmlSecDSigCtx</code>
+structure is equal to <code>xmlSecDSigStatusSucceeded</code>. </p>
+<h4> <a name="section_3_2"></a>3.2. I am trying to sign
+use a
+part of XML document using an "Id" attribute but it does not work. Do
+you support "Id" attributes at all?</h4>
+<p><span style="font-weight: bold;">Yes. </span>LibXML2
+and XMLSec libraries do support ID attributes. However, you have to
+tell LibXML2/XMLSec what is the name of <span style="font-weight: bold;">your </span>ID attribute. XML
+specification does not require ID attribute to have name "Id" or "id".
+It can be anything you want! <br></p>
+<br><code>Id</code><code>Data</code><blockquote><code> &lt;?xml version="1.0"
+encoding="UTF-8"&gt;<br>
+&lt;Root&gt;<br>
+&lt;Data Id="1234"&gt;<br>
+The data I want to sign<br>
+&lt;/Data&gt;<br>
+&lt;/Root&gt;<br></code></blockquote>
+<p>One can use a simple DTD: </p>
+<blockquote><code> &lt;!DOCTYPE test [<br>
+&lt;!ATTLIST Data Id ID #IMPLIED&gt;<br>
+]&gt;<br></code></blockquote>
+<p> The DTD might be directly included in the XML file or
+located in a standalone file. In the second case, you might load the
+DTD in xmlsec command line utility with "--dtd-file" option. <br></p>
+<p>2) Use <a href="http://www.w3.org/TR/xml-id/">xml:id</a>.
+This is a new W3C Working Draft and not all XML parsers support it now
+(LibXML2 does!). <br></p>
+<p>3) Application can directly declare ID attribute to
+LibXML2/XMLSec. If you are using xmlsec command line utility see
+"--id-attr" option. If you are writing a C/C++ application
+yourself, call<code>xmlAddID</code> function.
+However, this approach might make you signature non-interoperable with
+other
+XMLDSig implementations.<br></p>
+<h4>
+<a name="section_3_3"></a>3.3.<span style="font-weight: bold;"> </span>I am trying to sign an
+XML document and I have a
+warning about "empty nodes set". Should I worry about this?</h4>
+<p> Most likely <b>yes</b>. When it's not an error from
+specification point of view, I can hardly imagine a real world case
+that requires signing an empty nodes set (i.e. signing an empty
+string). Most likely, you have this error because you are trying to use
+ID attribute and you do not provide a DTD for the document (see <a href="faq.html#section_3_2">section 3.2</a>
+about ID
+attributes).<br></p>
+<h4> </h4>
+<h4>
+<a name="section_3_4"></a>3.4. I am trying to
+sign/validate a document but
+xmlXPtrEval function can't evaluate "xpointer(id('XXXXXXX'))"
+expression. What's wrong?</h4>
+<p>First of all, read <a href="#section_3_2">section 3.2</a>
+about ID
+attributes.
+If you have tried to declare required ID attribute in DTD and
+you still have problems then I would guess that you are playing with
+Visa 3D protocol. This protocol tries to reference to an "id" attribute
+defined as CDATA instead of ID in the DTD (it is impossible in XML as
+described in <a href="#section_3_2">section 3.2</a>). Even worse, the
+value
+of this Visa 3D "id" attribute may start from number or contain "+" or
+"/" and this breakes <a href="http://www.w3.org/TR/REC-xml#sec-attribute-types">XML
+specification</a> again. Based on this, I have to say that Visa
+3D protocol does not use XML or XMLDSig specifications. And if you can
+then you should
+probably let Visa guys know about this problem (thought it was already
+done
+several times).</p>
+<p>The only good solution for this problem is changing Visa
+3D protocol.
+However,
+it might take time. As a short term solution you can use a special
+"Visa 3D
+hack" in xmlsec. Please note, that nobody (including me) knows what
+else
+might be broken in your application if you decide to use this hack. You
+are on
+your own here because this hack makes your application to work with
+non-XML
+and non-XMLDSig but some "Visa 3D" files. </p>
+<p>In order to process "Visa 3D" documents, you need to do
+two things: </p>
+<ul>
+<li>Register ID attributes manually (<code>xmlAddID</code>
+function or <code>--id-attr</code> option for xmlsec command line
+utility).</li>
+              <li>Enable Visa 3D hack in XML DSig context (<code>dsigCtx-&gt;flags
+|= XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK</code> or <code>--enable-visa3d-hack</code>
+option for xmlsec command line utility).</li>
+            </ul>
+<b>This is a hack</b><b>. You are warned!</b><br><p><b>UPDATE:</b> It appears that recent version (Novemeber, 2005)
+of Visa3D DTD does have this problem corrected and now "id" attribute
+is declared as ID. Just get the new DTD and everything should work
+without this hack.</p>
+<h4>
+<a name="section_3_5"></a>3.5. I have a document signed
+with a certificate that
+is now expired. Can I verify this signature?</h4>
+<p> Yes, you can. However, you need to be carefull. Most
+likely you do want to make sure that the certificate was not expired
+when the document was signed. The <a href="http://www.w3.org/Signature">XML
+Digital Signature</a> specification does not have a standard way to
+include the signature timestamp. Which means that you need to define
+where to put timestamp by yourself. Please note, that the timestamp <b>must</b>
+be signed along with the other data.<br>
+Finaly set the desired verification time in <code>certsVerificationTime</code>
+member of the <code>xmlSecKeyInfoCtx</code> structure. </p>
+<p> If you are using xmlsec command line utility then you
+can use <code>--verification-time &lt;time&gt;</code> option (where <code>&lt;time&gt;</code>
+is the local system time in the "<code>YYYY-MM-DD HH:MM:SS</code>"
+format). </p>
+<h4> <a name="section_3_6"></a>3.6. I really like the
+XMLSec
+library but it is based
+on OpenSSL and I have to use another crypto library in my application.
+Can you write code to support my crypto library?</h4>
+<p> The XMLSec library has a very modular structure and
+there should be no problem with using another crypto library. For
+example, XMLSec already supports <a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a>,
+MSCrypto API and <a href="http://www.gnu.org/software/gnutls/gnutls.html">GnuTLS</a>.
+Check the latest release and/or the mailing list and you might find
+that your library is already supported or someone working on it.<br>
+If you are not so lucky, then you can either write some code by
+yourself or contact me in private email to discuss possible options. </p>
+<h4> <a name="section_3_7"></a>3.7. I really like the
+XMLSec
+library but it does not
+have cipher or transform that I need. Can you write code for me?</h4>
+<p> The XMLSec library has a very modular structure and
+there should be easy to add any cipher or other transform. Again, you
+can either write some code by yourself or try to talk to me in private
+email. </p>
+</td></tr></table></td>
+</tr></table></body>
+</html>