This is not an issue for openssl developers because it does not require
fixes or changes to the openssl code. Unfortunately I don't know of a
list for general xml-signature questions.

If I cut and paste your fragment into a file and edit it to be one long
line, I get
; openssl sha1 -binary
zGmy1cl7mjWBJPXwPVeOSAlB79c=

Which doesn't match either value in your message.

I suspect that your canonicalization code is wrong. I would edit the code
to print out the bytestream that is sent into the SHA1 hash.

If you need production-quality XML signature code you should probably use
whatever Apache has these days and/or the xmlsec library.


STSM, Senior Security Architect
DataPower SOA Appliances

______________________________________________________________________
OpenSSL Project
Development Mailing List
Automated List Manager
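The debugging step suggested in the message above (print the exact byte stream that goes into the SHA1 hash), as an added example that is not part of the original message. It assumes Python's standard-library `xml.etree.ElementTree.canonicalize`, which implements C14N 2.0; a real XML signature must use the algorithm named in its own CanonicalizationMethod or Transform element, and the sample fragments are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed samples: one logical element, serialized three different ways.
ONE_LINE = ('<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
            '<Reference Id="r1" URI="#obj"></Reference></SignedInfo>')
REORDERED = ("<SignedInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>"
             "<Reference URI='#obj' Id='r1'/></SignedInfo>")
PRETTY = ('<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">\n'
          '  <Reference Id="r1" URI="#obj"/>\n</SignedInfo>')


def sha1_b64(data: bytes) -> str:
    """Base64 of the binary SHA-1 digest, the form a DigestValue carries."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def canonical_bytes(xml_text: str) -> bytes:
    """Canonicalize (stdlib C14N 2.0, an assumption) and return UTF-8 bytes."""
    return ET.canonicalize(xml_text).encode("utf-8")


def report(label: str, xml_text: str) -> tuple:
    """Print the bytes that would be hashed, before and after canonicalization."""
    raw = xml_text.encode("utf-8")
    canon = canonical_bytes(xml_text)
    print(label)
    print("  raw bytes  :", repr(raw))
    print("  raw digest :", sha1_b64(raw))
    print("  c14n bytes :", repr(canon))
    print("  c14n digest:", sha1_b64(canon))
    return sha1_b64(raw), sha1_b64(canon)


if __name__ == "__main__":
    for name, doc in (("one line", ONE_LINE), ("reordered", REORDERED),
                      ("pretty-printed", PRETTY)):
        report(name, doc)
```

Quote style, attribute order and empty-element syntax are normalized away by canonicalization, but whitespace between elements is part of the hashed bytes, so the pretty-printed form produces a different digest.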