SP 2.0: Metadata with EncryptionMethod elements fails to load

Scott Cantor cantor.2 at osu.edu
Fri Jan 23 05:11:34 UTC 2009

Russ Allbery wrote on 2009-01-22:
> I feel bad that I didn't catch this catalog entry and this Debian-specific
> change is causing these errors and any potential user confusion.  But...
> at this stage in the release cycle, if it's just noise in logs that this
> causes, I'm not sure it's a serious enough problem to push another change
> through the release freeze.
> Does this cause problems other than the warnings?

No. I traced the code earlier today and determined that Xerces advance-loads
any schema that's listed in a schemaLocation parser property when it starts
a new parsing operation. The property is set by XMLTooling based on the
catalog(s) its given. The loading is done with a flag set to turn any
failures into warnings that don't matter to the parser.

It wasn't my design intention to have it load everything like that even if
they never get used, but that's what they chose to do internally and I
didn't notice. "Secure" schema lookup is badly broken in XML, and very
non-portable unfortunately.

This behavior could also vary by Xerces version, in theory, but isn't going
to break anything.

-- Scott

More information about the Pkg-shibboleth-devel mailing list