[shibboleth-sp2] 01/119: Relax use restriction on signing keys to match expected 2.0 rules.

[Ferenc Wágner]

This is an automated email from the git hooks/post-receive script.

wferi-guest pushed a commit to annotated tag 1.3.1
in repository shibboleth-sp2.

commit ecbf439d6b0ecc16c66bc9a8de89322d1928e68d
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Wed Dec 13 18:09:00 2006 +0000

    Relax use restriction on signing keys to match expected 2.0 rules.
---
 shib/BasicTrust.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shib/BasicTrust.cpp b/shib/BasicTrust.cpp
index f3c7e91..d560669 100644
--- a/shib/BasicTrust.cpp
+++ b/shib/BasicTrust.cpp
@@ -156,7 +156,7 @@ bool BasicTrust::validate(const saml::SAMLSignedObject& token, const IRoleDescri
     Iterator<const IKeyDescriptor*> kd_i=role->getKeyDescriptors();
     while (kd_i.hasNext()) {
         const IKeyDescriptor* kd=kd_i.next();
-        if (kd->getUse()!=IKeyDescriptor::signing)
+        if (kd->getUse()==IKeyDescriptor::encryption)
             continue;
         DSIGKeyInfoList* KIL=kd->getKeyInfo();
         if (!KIL)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git