http vs https for downloading schema #11
Comments
|
In order to use this package I need a NewXsdHandlerMem function. |
|
I just created a branch thanson16-pull-10 from a pending pull request which adds a NewXsdHandlerMem function. I didn't find the time yet to review it but maybe this provides useful in the meantime. |
|
Hi - first many thanks for such a nice package Please ignore my comments about the FS interface - I think I am wrong about that... I got it working by using a wrapper xsd that mapped the http url to a local file and just used a local file as the first argument instead of a URL. My code also explicitly uses http.Get() to retrieve the 2 schemas and store them on the local filesystem. The problem is with libxml2 I think - if the schema file also pulls in other schemas (as the cyclonedx one does) then one must also wrap that schema as well. So the file is this
|
|
Actually this was the reason I started using libxml2's xmlSchemaNewParserCtxt for file/url handling in the first place for I didn't want to open the can of worms of handling imports/includes/redefines. As you mentioned, probably the best workaround when dealing with https and xsd files/dependencies for now is to download those, change the schemaLocations accordingly and to use NewXsdHandlerUrl to load the top level xsd file from the file system. |
Attempting to use xsdvalidate.NewXsdHandlerUrl with the url http://cyclonedx.org/schema/bom/1.3 fails without anydetails. Investigation shows that this is because it is a redirect to a https endpoint.
This issue in xmllint
https://gitlab.gnome.org/GNOME/libxml2/-/issues/160
indicates that libxml2 will never support https and may even stop supporting its own http client.
So this is just a heads up for anyone else who may encounter this.
With the general move from http to https NewXsdHandlerUrl stands less and less chance of actually working.
The text was updated successfully, but these errors were encountered: