[shibboleth-sp2] 26/89: SSPCPP-641 - add ability to set SOAP cipher suites

Ferenc Wágner wferi at moszumanska.debian.org
Thu Sep 1 09:24:05 UTC 2016


This is an automated email from the git hooks/post-receive script.

wferi pushed a commit to branch master
in repository shibboleth-sp2.

commit 49d3c7119632c5ece8f7cdd54bd8e206bc67533f
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Thu May 12 19:44:48 2016 -0400

    SSPCPP-641 - add ability to set SOAP cipher suites
    
    https://issues.shibboleth.net/jira/browse/SSPCPP-641
---
 schemas/shibboleth-2.0-native-sp-config.xsd | 1 +
 shibboleth.spec.in                          | 8 ++++----
 shibsp/binding/impl/SOAPClient.cpp          | 9 +++++++++
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd
index 7095253..046dd66 100644
--- a/schemas/shibboleth-2.0-native-sp-config.xsd
+++ b/schemas/shibboleth-2.0-native-sp-config.xsd
@@ -462,6 +462,7 @@
     <attribute name="chunkedEncoding" type="boolean"/>
     <attribute name="connectTimeout" type="unsignedShort"/>
     <attribute name="timeout" type="unsignedShort"/>
+    <attribute name="cipherSuites" type="string"/>
     <attribute name="requireConfidentiality" type="boolean"/>
     <attribute name="requireTransportAuth" type="boolean"/>
     <attribute name="requireSignedAssertions" type="boolean"/>
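Review bot: The new `cipherSuites` attribute is declared as an unconstrained `string` with no documentation, so the schema gives a deployer no hint of the expected format and also validates an empty value. Judging by the SOAPClient.cpp change in this commit, the value is handed unchanged to the OpenSSL-based SOAP transport, so an annotation along the lines of `<documentation>OpenSSL cipher list applied to outbound SOAP TLS connections</documentation>` would make that explicit (confirm the exact semantics against xmltooling). The enclosing declaration starts and ends outside this hunk, so whether sibling attributes are annotated is not visible here.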
diff --git a/shibboleth.spec.in b/shibboleth.spec.in
index fef3ece..29b8249 100644
--- a/shibboleth.spec.in
+++ b/shibboleth.spec.in
@@ -11,9 +11,9 @@ BuildRoot:	%{_tmppath}/%{name}-sp-%{version}-root
 Obsoletes:	shibboleth-sp = 2.5.0
 Requires:	openssl
 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
-PreReq:		xmltooling-schemas%{?_isa} >= 1.5.5, opensaml-schemas%{?_isa} >= 2.6.0
+PreReq:		xmltooling-schemas%{?_isa} >= 1.6.0, opensaml-schemas%{?_isa} >= 2.6.0
 %else
-PreReq:		xmltooling-schemas >= 1.5.5, opensaml-schemas >= 2.6.0
+PreReq:		xmltooling-schemas >= 1.6.0, opensaml-schemas >= 2.6.0
 %endif
 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
 PreReq:		%{insserv_prereq} %{fillup_prereq}
@@ -27,7 +27,7 @@ BuildRequires:	libxerces-c-devel >= 3.1
 %endif
 %endif
 BuildRequires:	libxml-security-c-devel >= 1.7.3
-BuildRequires:	libxmltooling-devel >= 1.5.5
+BuildRequires:	libxmltooling-devel >= 1.6.0
 BuildRequires:	libsaml-devel >= 2.6.0
 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
@@ -95,7 +95,7 @@ Requires:	xerces-c-devel >= 3.1
 Requires:	libxerces-c-devel >= 3.1
 %endif
 Requires: 	libxml-security-c-devel >= 1.7.3
-Requires: 	libxmltooling-devel >= 1.5.5
+Requires: 	libxmltooling-devel >= 1.6.0
 Requires: 	libsaml-devel >= 2.6.0
 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
diff --git a/shibsp/binding/impl/SOAPClient.cpp b/shibsp/binding/impl/SOAPClient.cpp
index 46d7fe6..bbc214a 100644
--- a/shibsp/binding/impl/SOAPClient.cpp
+++ b/shibsp/binding/impl/SOAPClient.cpp
@@ -38,6 +38,7 @@
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/soap/SOAP.h>
 #include <xmltooling/soap/HTTPSOAPTransport.h>
+#include <xmltooling/soap/OpenSSLSOAPTransport.h>
 #include <xmltooling/util/NDC.h>
 
 using namespace shibsp;
@@ -219,6 +220,14 @@ void SOAPClient::prepareTransport(SOAPTransport& transport)
         http->useChunkedEncoding(flag.first && flag.second);
         http->setRequestHeader(PACKAGE_NAME, PACKAGE_VERSION);
     }
+
+    OpenSSLSOAPTransport* openssl = dynamic_cast<OpenSSLSOAPTransport*>(&transport);
+    if (openssl) {
+        pair<bool, const char*> ciphers = m_relyingParty->getString("cipherSuites");
+        if (ciphers.first) {
+            openssl->setCipherSuites(ciphers.second);
+        }
+    }
 }
 
 void SOAPClient::reset()
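Review bot: The result of `openssl->setCipherSuites(ciphers.second)` is discarded in the added block, so a mistyped or empty `cipherSuites` value could leave the back-channel TLS connection on the library's default cipher list with nothing telling the operator that the restriction did not take effect. If the method reports failure (its declaration is not visible in this hunk, so confirm against the xmltooling header), test it, e.g. `if (ciphers.first && !openssl->setCipherSuites(ciphers.second))`, and log or throw on that path rather than continuing. The same silent fallback applies when the `dynamic_cast` yields null while `cipherSuites` is configured; a warning there would make the ignored setting visible. The body of prepareTransport begins outside the hunk.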

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git


