[shibboleth-sp2] 103/119: Remove check for RSA algorithm, block duplicate check of root signature.

Ferenc Wágner wferi-guest at moszumanska.debian.org
Tue Jan 26 21:29:55 UTC 2016


This is an automated email from the git hooks/post-receive script.

wferi-guest pushed a commit to annotated tag 1.3.1
in repository shibboleth-sp2.

commit 0432a858e91561c31a96a043cef5ddb53a4d9903
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Sat Nov 3 02:27:14 2007 +0000

    Remove check for RSA algorithm, block duplicate check of root signature.
---
 siterefresh/siterefresh.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/siterefresh/siterefresh.cpp b/siterefresh/siterefresh.cpp
index 02fa356..5327626 100644
--- a/siterefresh/siterefresh.cpp
+++ b/siterefresh/siterefresh.cpp
@@ -98,7 +98,7 @@ void verifySignature(DOMDocument* doc, DOMNode* sigNode, const char* cert=NULL)
 
         // Verify the signature coverage.
         DSIGReferenceList* refs=sig->getReferenceList();
-        if (sig->getSignatureMethod()==SIGNATURE_RSA && refs && refs->getSize()==1) {
+        if (refs && refs->getSize()==1) {
             DSIGReference* ref=refs->item(0);
             if (ref) {
                 const XMLCh* URI=ref->getURI();
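Review bot: With the `SIGNATURE_RSA` test removed, the coverage check at `if (refs && refs->getSize()==1)` accepts whatever signature method the document declares, and nothing visible in this hunk constrains it. When a certificate is supplied the key type presumably limits what can verify, but on the KeyInfo-resolver path the method is chosen by whoever signed the file. A comment stating which methods are intended would help, or an explicit allow-list check on `sig->getSignatureMethod()` before verification. verifySignature's body continues outside the hunk.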
@@ -141,7 +141,6 @@ void verifySignature(DOMDocument* doc, DOMNode* sigNode, const char* cert=NULL)
             sig->setSigningKey(x509->clonePublicKey());
         }
         else {
-            log.warn("verifying with key inside signature, this is a sanity check but provides no security");
             XSECKeyInfoResolverDefault resolver;
             sig->setKeyInfoResolver(resolver.clone());
         }
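Review bot: The else branch now falls back to the key carried inside the signature without any log output, so a run without `cert` is indistinguishable from an authenticated one even though the key comes from the document being checked. Keep the removed line, `log.warn("verifying with key inside signature, this is a sanity check but provides no security");`, so operators can tell an integrity-only check from a verification against a trusted certificate. verifySignature starts and ends outside this hunk.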
@@ -280,7 +279,8 @@ int main(int argc,char* argv[])
         // Verify all signatures.
         DOMNodeList* siglist=doc->getElementsByTagNameNS(saml::XML::XMLSIG_NS,L(Signature));
         for (XMLSize_t i=0; siglist && i<siglist->getLength(); i++)
-            verifySignature(doc,siglist->item(i),cert_param);
+            if (siglist->item(i) != rootSig)
+                verifySignature(doc,siglist->item(i),cert_param);
 
         if (out_param) {
             // Output the data to the specified file.
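Review bot: Skipping `rootSig` in this loop is safe only if the root signature has already been verified earlier in main, which this hunk does not show. A comment such as `// rootSig was verified above; skip it here to avoid a second check` would record that dependency. The `if` nested under the unbraced `for` should also get braces on both levels, so a later edit cannot detach the `verifySignature` call from its guard. main continues outside the hunk.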

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git


