lasso

Author	SHA1	Message	Date
Benjamin Dauvergne	24d9c220cb	xmlsec: re-enable KeyValue nodes when reading KeyInfo descriptors (#85339 ) gitea/lasso/pipeline/head There was a failure building this commit Details KeyValue has been disabled in libxmlsec >= 1.3.3, as it can be a security liability in other settings than SAML: (xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option for the xmlsec command line utility or update the 'keyInfoCtx->enabledKeyData' parameter if you need to re-enable these nodes (also see question 3.5 in the FAQ).	2024-01-29 17:02:32 +01:00
Benjamin Dauvergne	b7b4beb6c6	xmlsec: use XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH when writing encrypted keys (#85339 ) For compatibility with libxmlsec1>=1.3.0, as we do not use KeyName to reference the wrapping key: (API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.	2024-01-29 17:02:32 +01:00
Benjamin Dauvergne	ad7cad8ced	xmlsec: replace xmlSecCryptoAppKeyLoad by xmlSecCryptoAppKeyLoadEx (#85339 ) xmlSecCryptoAppKeyLoad was removed from libxmlsec1 in version >= 1.3.3: (xmlsec-core) Removed previously deprecated functions, defines, etc. xmlSecCryptoAppKeyLoadEx was introduced in libxmlsec in version 1.2.37.	2024-01-29 17:02:10 +01:00

Author

SHA1

Message

Date

Benjamin Dauvergne

24d9c220cb

xmlsec: re-enable KeyValue nodes when reading KeyInfo descriptors (#85339 )

gitea/lasso/pipeline/head There was a failure building this commit Details

KeyValue has been disabled in libxmlsec >= 1.3.3, as it can be a security
liability in other settings than SAML:

   (xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option for the xmlsec command line utility or update the 'keyInfoCtx->enabledKeyData' parameter if you need to re-enable these nodes (also see question 3.5 in the FAQ).

2024-01-29 17:02:32 +01:00

Benjamin Dauvergne

b7b4beb6c6

xmlsec: use XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH when writing encrypted keys (#85339 )

For compatibility with libxmlsec1>=1.3.0, as we do not use KeyName to
reference the wrapping key:

  (API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.

2024-01-29 17:02:32 +01:00

Benjamin Dauvergne

ad7cad8ced

xmlsec: replace xmlSecCryptoAppKeyLoad by xmlSecCryptoAppKeyLoadEx (#85339 )

xmlSecCryptoAppKeyLoad was removed from libxmlsec1 in version >= 1.3.3:

  (xmlsec-core) Removed previously deprecated functions, defines, etc.

xmlSecCryptoAppKeyLoadEx was introduced in libxmlsec in version 1.2.37.

2024-01-29 17:02:10 +01:00

Compare commits

3 Commits

2c4916a621 ... 24d9c220cb

Diff Content Not Available

Compare commits

3 Commits 2c4916a621 ... 24d9c220cb

Diff Content Not Available

3 Commits

2c4916a621 ... 24d9c220cb