CC: | "Achim Adam" <achim.adam [...] univie.ac.at> |
Subject: | utf8 in toStringC14N |
Dear XML::LibXML maintainers,
We bumped into a nasty utf8 problem.
We need to use cannonicalization (c14n) to generate sha1 digests in SOAP messages, which are then signed cryptographically. XML::LibXML enables the utf8 flag on all output, using C2sv(), also in toStringC14N(). Since version 5.74, Digest::SHA does a utf8_downgrade on the strings it sums. The latter changes the c14n output string, in an example I have at hand. Hence, the sha is incorrect!
Cannonicalization is a horribly sensitive process. We would like to see the output as
bytes, not flagged to be "Perl's internal idea of utf8" which may trigger unexpected character conversions. Please, can you add a function toBytesC14N() which leaves the utf8 flag off? Probably, the output of toStringC14N is only good for print during debugging, not for automated use.
Of course, Digest::SHA should consider its parameter as bytes, not strings. So, we probably file a bug-report for that module.