Commit 5bb023ff authored by Olav Morken

SAML2/SignedElementHelper: Fix getValidatingCertificates.

This function did not properly validate signatures containing multiple
certificates (as is typical for metadata with certificate chains). The
fix is to ignore exceptions during validation.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2461 44740490-163a-0410-bde0-09ae8108e29a
parent 13d477c0
...@@ -185,9 +185,13 @@ class SAML2_SignedElementHelper implements SAML2_SignedElement { ...@@ -185,9 +185,13 @@ class SAML2_SignedElementHelper implements SAML2_SignedElement {
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public')); $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
$key->loadKey($pemCert); $key->loadKey($pemCert);
/* Check the signature. */ try {
if ($this->validate($key)) { /* Check the signature. */
$ret[] = $cert; if ($this->validate($key)) {
$ret[] = $cert;
}
} catch (Exception $e) {
/* This certificate does not sign this element. */
} }
} }
......
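Review bot: the `catch (Exception $e)` around `$this->validate($key)` discards every exception without recording it, so a certificate that simply did not sign the element cannot be told apart from a validation failure with some other cause. Catch a narrower exception type if `validate()` has one for the mismatch case, or at least log `$e->getMessage()` at debug level inside the catch so that an empty `$ret` can be diagnosed. Also, `$key->loadKey($pemCert)` stays outside the `try`, so a certificate in the chain that fails to load would still abort the loop; decide explicitly whether that case should be skipped too, and say so in the comment.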