Re: [ebxmlms-develop] Signed sync acks not being verified correctly by Hermes

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Mayne, Peter wrote:

> We have signed messages being successfully passed back and forth betwee=
n=20
> us and our business partner (using Hermes from a CVS export this mornin=
g).
>=20
> They can send us a signed message, and our signed sync ack is sent and=20
> received successfully.
>=20
> However, if we send them a signed message, their signed sync ack is not=
=20
> verified, due to the calculated digest being different to the unverifie=
d=20
> digest.
>=20
> If I add some debugging code to write the bad message to a file, and us=
e=20
> the signature tool to verify it, it verifies correctly.
>=20
> Does anyone have any idea why a signed syn ack might not verify=20
> correctly in Hermes, but verify correctly with the signature tool?
>=20
> (This leads to another feature request. Can an option be added to Herme=
s=20
> so that bad messages are written to a "bad messages" directory, so we=20
> can investigate them, rather than being thrown away, which makes proble=
m=20
> solving a bit difficult.)
>=20
> Thanks.
>=20
> PJDM
> --=20
> Peter Mayne
> Technology Consultant
> Spherion Technology Solutions
> Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602
> T: 61 2 62689727  F: 61 2 62689777
>=20
Peter,

I think I saw the same some weeks ago. For me, this current version=20
does'nt verify acknowledge signature and original sended message=20
signature, as explained in ebxml.org "Message Service Specification 2.0"=20
6.3.2.5 lines 1560 to 1563.
Actually, this is the only one variation to the normative document, I met.
We resolve the this by patching the code.

Regards,

Olivier Mo=EFses