xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 7 +++++++
1 file changed, 7 insertions(+)
New commits:
commit b78684d744319d5a7ac536f1564378816cc9ddce
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Tue Dec 21 14:47:53 2021 +0100
Commit: Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 14:52:00 2021 +0100
xmlsecurity nss: log what XML DOM node is given to libxmlsec
We have two environments where the signature and the stream bytes are
the same, still in one case the signature verification succeeds and in
the other case the hash doesn't match.
Log the signature as parsed into a DOM node (recursively), just case
something goes wrong during extracting a single signature from the
signatures list XML.
Change-Id: I54af71fdeb63d8ef44342f106746f938fa51f29a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127237
Tested-by: Andras Timar <andras.ti...@collabora.com>
Reviewed-by: Andras Timar <andras.ti...@collabora.com>
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
index b41d754f7407..f8d35af434c9 100644
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
@@ -247,6 +247,13 @@ SAL_CALL XMLSignature_NssImpl::validate(
// We do certificate verification ourselves.
pDsigCtx->keyInfoReadCtx.flags |=
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ xmlBufferPtr pBuf = xmlBufferCreate();
+ xmlNodeDump(pBuf, nullptr, pNode, 0, 0);
+ SAL_INFO("xmlsecurity.xmlsec", "xmlSecDSigCtxVerify input XML node is
'"
+ << reinterpret_cast<const
char*>(xmlBufferContent(pBuf))
+ << "'");
+ xmlBufferFree(pBuf);
+
//Verify signature
int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );
