Compare commits

3 Commits

Author SHA1 Message Date
Benjamin Dauvergne f575ac1a7c xmlsec: re-enable KeyValue nodes when reading KeyInfo descriptors (#85339)
KeyValue has been disabled in libxmlsec >= 1.3.3, as it can be a security
liability in other settings than SAML:

   (xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option for the xmlsec command line utility or update the 'keyInfoCtx->enabledKeyData' parameter if you need to re-enable these nodes (also see question 3.5 in the FAQ).
2024-01-31 10:22:19 +01:00
Benjamin Dauvergne 38d9291fd2 xmlsec: use XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH when writing encrypted keys (#85339)
For compatibility with libxmlsec1>=1.3.0, as we do not use KeyName to
reference the wrapping key:

  (API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
2024-01-31 10:22:19 +01:00
Benjamin Dauvergne f29d8e033b xmlsec: replace xmlSecCryptoAppKeyLoad by xmlSecCryptoAppKeyLoadEx (#85339)
xmlSecCryptoAppKeyLoad was removed from libxmlsec1 in version >= 1.3.3:

  (xmlsec-core) Removed previously deprecated functions, defines, etc.

xmlSecCryptoAppKeyLoadEx was introduced in libxmlsec in version 1.3.0.
2024-01-31 10:22:19 +01:00
1 changed files with 2 additions and 2 deletions

@ -310,7 +310,7 @@ xmlSecKeyPtr lasso_get_public_key_from_pem_file(const char *file) {
pub_key = lasso_get_public_key_from_pem_cert_file(file);
break;
case LASSO_PEM_FILE_TYPE_PUB_KEY:
#if LASSO_XMLSEC_VERSION_NUMBER > 0x010300
#if LASSO_XMLSEC_VERSION_NUMBER >= 0x010300
pub_key = xmlSecCryptoAppKeyLoadEx(file, xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate,
xmlSecKeyDataFormatPem, NULL, NULL, NULL);
#else
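Review bot: in the `LASSO_PEM_FILE_TYPE_PUB_KEY` case the call still asks for `xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate`, although the file has already been classified as a public key. If only public material is expected on this path, pass `xmlSecKeyDataTypePublic` alone, or add a comment saying why the private bit is required. The new `>= 0x010300` boundary agrees with the commit message (xmlSecCryptoAppKeyLoadEx introduced in 1.3.0); a one-line comment on the `#if` stating that would keep the comparison from being flipped back later.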
@ -384,7 +384,7 @@ lasso_get_public_key_from_pem_cert_file(const char *pem_cert_file)
static xmlSecKeyPtr
lasso_get_public_key_from_private_key_file(const char *private_key_file)
{
#if LASSO_XMLSEC_VERSION_NUMBER > 0x010300
#if LASSO_XMLSEC_VERSION_NUMBER >= 0x010300
return xmlSecCryptoAppKeyLoadEx(private_key_file, xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic,
xmlSecKeyDataFormatPem, NULL, NULL, NULL);
#else
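Review bot: the guard `#if LASSO_XMLSEC_VERSION_NUMBER >= 0x010300` in `lasso_get_public_key_from_private_key_file` is a verbatim copy of the one in `lasso_get_public_key_from_pem_file`, and the same off-by-one had to be fixed in both places. Consider moving the version switch into a single static helper (or a macro) that wraps the key-loading call, so both call sites share one guard and a future libxmlsec1 API change is handled once. The result of `xmlSecCryptoAppKeyLoadEx` is also returned directly here, so callers need to handle a NULL return; a note in the function comment would make that explicit.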