[shibboleth-sp2] 103/119: Remove check for RSA algorithm, block duplicate check of root signature.
Ferenc Wágner
wferi-guest at moszumanska.debian.org
Tue Jan 26 21:29:55 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi-guest pushed a commit to annotated tag 1.3.1
in repository shibboleth-sp2.
commit 0432a858e91561c31a96a043cef5ddb53a4d9903
Author: Scott Cantor <cantor.2 at osu.edu>
Date: Sat Nov 3 02:27:14 2007 +0000
Remove check for RSA algorithm, block duplicate check of root signature.
---
siterefresh/siterefresh.cpp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/siterefresh/siterefresh.cpp b/siterefresh/siterefresh.cpp
index 02fa356..5327626 100644
--- a/siterefresh/siterefresh.cpp
+++ b/siterefresh/siterefresh.cpp
@@ -98,7 +98,7 @@ void verifySignature(DOMDocument* doc, DOMNode* sigNode, const char* cert=NULL)
// Verify the signature coverage.
DSIGReferenceList* refs=sig->getReferenceList();
- if (sig->getSignatureMethod()==SIGNATURE_RSA && refs && refs->getSize()==1) {
+ if (refs && refs->getSize()==1) {
DSIGReference* ref=refs->item(0);
if (ref) {
const XMLCh* URI=ref->getURI();
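Review bot: With the `SIGNATURE_RSA` test dropped from the coverage condition, nothing visible in this hunk constrains which signature method the document may declare, so the algorithm is effectively chosen by the input being verified. If the intent is to support more than RSA, an explicit allowlist of the methods the tool means to accept would be safer than no check. A comment such as `// any signature method accepted here; algorithm policy is enforced in <where>` would at least record the decision. verifySignature starts before and continues after this hunk, so a check elsewhere in the function cannot be ruled out.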
@@ -141,7 +141,6 @@ void verifySignature(DOMDocument* doc, DOMNode* sigNode, const char* cert=NULL)
sig->setSigningKey(x509->clonePublicKey());
}
else {
- log.warn("verifying with key inside signature, this is a sanity check but provides no security");
XSECKeyInfoResolverDefault resolver;
sig->setKeyInfoResolver(resolver.clone());
}
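Review bot: Removing the `log.warn` from the else branch makes the no-certificate path silent, although that branch still resolves the key from the signature's own KeyInfo via `XSECKeyInfoResolverDefault`. A successful verification there shows only that the document is internally consistent, not who signed it. Since `cert` defaults to `NULL`, an operator who omits the certificate now gets no indication that the metadata was not authenticated. I would keep the line `log.warn("verifying with key inside signature, this is a sanity check but provides no security");`, or require an explicit opt-in before taking this path. The rest of verifySignature lies outside the hunk.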
@@ -280,7 +279,8 @@ int main(int argc,char* argv[])
// Verify all signatures.
DOMNodeList* siglist=doc->getElementsByTagNameNS(saml::XML::XMLSIG_NS,L(Signature));
for (XMLSize_t i=0; siglist && i<siglist->getLength(); i++)
- verifySignature(doc,siglist->item(i),cert_param);
+ if (siglist->item(i) != rootSig)
+ verifySignature(doc,siglist->item(i),cert_param);
if (out_param) {
// Output the data to the specified file.
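Review bot: Skipping `rootSig` in this loop is only safe if the root signature has already been verified earlier in main, and neither the definition of `rootSig` nor that earlier call is visible in the hunk. A comment on the new test, e.g. `// root signature was verified above; skip it here to avoid a second check`, would make that dependency explicit. The `for` now has an unbraced `if` with an unbraced call beneath it, so I would add braces around the loop body to keep a later edit from falling outside the condition. main continues outside the hunk.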
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git