On Sun, Mar 09, 2008 at 10:47:43AM +0100, Jean-Marc Desperrier wrote:
> Hi,
>
> I found a limitation in libxml2 schema validation that is really
> annoying in the context of xml:dsig.
> (after writing the first version of this bug, I found out it's already
> reported in bug 350248)
> The xs:integer type is limited to handling at most 24 digit integers.
> The trouble is that the X509SerialNumber field in the xml dsig
> schema uses that type (
> http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd ), and x509
> certificate serial number can have a size of up to 20 bytes (in
> 2-complement binary representation).
>
> A generic solution to handle integers of any size would probably be
> hard, but would it be possible to have a work around just for that case
> ? Currently, libxml2 hard codes the size limit to 24 digits because
> it then stores the value in 3 long integer variables. Using 5 variables
> might be enough to handle the values X509SerialNumber will take.
>
> What would be the consequences of removing the test for the 24 digits on
> a local instance of libxml2 ? Just making facets applied to integer
> larger than the limit buggy ?

The problem is then we would have no way to store the value. I think
having a disconnection between what we accept in the representation
and what we handle in the type system, would be very confusing in
general.

> I see Daniel complains in the bug that using integer for this field is
> just a bad choice, but the trouble is that it's in the xml:dsig norm,
> that has been accepted as a W3C Recommendation.
> http://www.w3.org/TR/xmldsig-core/
> I approve it's been badly conceived, another point that shows that is
> that almost all X509 experts don't understand why that field uses
> decimal, and think it should be using hexadecimal instead.

If you provide a patch to grow to 5 long and it doesn't look silly
I may apply it to avoid the problem, but really this is a bad case of
misuse affecting implementation.

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
[EMAIL PROTECTED]  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
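
Added example, not part of the original thread and not libxml2 code: a pre-check that renders a certificate serial number in the decimal form X509SerialNumber requires and reports whether it is longer than the 24-digit xs:integer limit discussed above. The function names `serial_to_decimal` and `exceeds_xs_integer_limit` are hypothetical, the serial is assumed to be a non-negative big-endian value, and the sample serial in `main` is constructed.

```c
#include <stdio.h>
#include <string.h>
#define XS_INTEGER_MAX_DIGITS 24 /* libxml2 limit as stated in the thread */
#define SERIAL_MAX_BYTES 20      /* serial size bound as stated in the thread */

/* Convert a big-endian, non-negative serial (assumption) to decimal text.
 * Returns the number of digits written, or -1 on bad input / short buffer. */
int serial_to_decimal(const unsigned char *serial, size_t len, char *out, size_t outlen)
{
    unsigned char work[SERIAL_MAX_BYTES];
    char rev[64]; /* 20 bytes need at most 49 decimal digits */
    size_t i, start = 0, n = 0;
    if (serial == NULL || out == NULL || len == 0 || len > SERIAL_MAX_BYTES)
        return -1;
    memcpy(work, serial, len);
    /* Long division by 10 over the byte array: one decimal digit per pass. */
    while (start < len) {
        unsigned int rem = 0;
        for (i = start; i < len; i++) {
            unsigned int cur = (rem << 8) | work[i];
            work[i] = (unsigned char)(cur / 10);
            rem = cur % 10;
        }
        rev[n++] = (char)('0' + rem);
        while (start < len && work[start] == 0)
            start++; /* skip bytes that have been divided down to zero */
    }
    if (n + 1 > outlen)
        return -1;
    for (i = 0; i < n; i++)
        out[i] = rev[n - 1 - i]; /* digits were produced least significant first */
    out[n] = '\0';
    return (int)n;
}

/* 1 if the decimal form is longer than the 24-digit limit, 0 if it fits, -1 on error. */
int exceeds_xs_integer_limit(const unsigned char *serial, size_t len)
{
    char dec[64];
    int digits = serial_to_decimal(serial, len, dec, sizeof dec);
    return digits < 0 ? -1 : digits > XS_INTEGER_MAX_DIGITS;
}

int main(void)
{
    unsigned char s[SERIAL_MAX_BYTES]; /* constructed sample: 2^159 - 1 */
    char dec[64];
    memset(s, 0xFF, sizeof s); s[0] = 0x7F;
    printf("%d digits: %s\n", serial_to_decimal(s, sizeof s, dec, sizeof dec), dec);
}
```

The largest positive 20-byte two's-complement value comes out at 48 decimal digits, twice the limit quoted in the thread.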
