This is not an issue for openssl developers because it does not require
fixes or changes to the openssl code. Unfortunately I don't know of a
list for general xml-signature questions.

If I cut and paste your fragment into a file and edit it to be one long
line, I get
; openssl sha1 -binary zGmy1cl7mjWBJPXwPVeOSAlB79c=

Which doesn't match either value in your message.

I suspect that your canonicalization code is wrong. I would edit the code
to print out the bytestream that is sent into the SHA1 hash.

If you need production-quality XML signature code you should probably use
whatever Apache has these days and/or the xmlsec library.

/r$

--
STSM, Senior Security Architect
DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org