entrouvert
/
lasso
16
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: entrouvert:fce2ecc2cb48a071eafab9c4777bfec974c9c0eb
Branches Tags
entrouvert:main
entrouvert:wip/sync-packaging-2.8.0-3
entrouvert:wip/71393-pass-ldflags-to-perl-binding
entrouvert:wip/64605-debian-fonctionner-avec-le-chang
entrouvert:wip/2.8.0
entrouvert:wip/58788-debian-bullseye
entrouvert:more-datas-in-sessions
entrouvert:v2.8.2
entrouvert:v2.8.1
entrouvert:v2.8.0
entrouvert:v2.7.0
entrouvert:v2.6.1.3
entrouvert:v2.6.1.2
entrouvert:v2.6.1.1
entrouvert:v2.6.1
entrouvert:v2.6.0
entrouvert:v2.5.99
entrouvert:v2.5.1
entrouvert:v2.5.0
entrouvert:v2.4.1
entrouvert:v2.4.0
entrouvert:2.4.0
entrouvert:2.3.6
entrouvert:show
entrouvert:v2.3.6
entrouvert:v2.3.5
entrouvert:v2.3.4
entrouvert:v2.3.3
entrouvert:v2.3.2
entrouvert:v2.3.1
entrouvert:branch
entrouvert:release-2.3.0
entrouvert:rel-2-2-90
entrouvert:rel-2-2-90_4516
entrouvert:rel-2-2-2
entrouvert:rel-2-2-1
entrouvert:rel-0-6-4
entrouvert:rel-0-6-3
entrouvert:rel-0-6-2
entrouvert:rel-0-6-1
entrouvert:rel-0-6-0
entrouvert:pre-0-6-0
entrouvert:post-0-4-1-before-api-change
entrouvert:rel-0-4-1
entrouvert:rel-0-4-0
entrouvert:start
entrouvert:referentiel
..
compare: entrouvert:4fb13010516d9529e45b0c0de20c80921e74d95f
Branches Tags
entrouvert:main
entrouvert:wip/sync-packaging-2.8.0-3
entrouvert:wip/71393-pass-ldflags-to-perl-binding
entrouvert:wip/64605-debian-fonctionner-avec-le-chang
entrouvert:wip/2.8.0
entrouvert:wip/58788-debian-bullseye
entrouvert:more-datas-in-sessions
entrouvert:v2.8.2
entrouvert:v2.8.1
entrouvert:v2.8.0
entrouvert:v2.7.0
entrouvert:v2.6.1.3
entrouvert:v2.6.1.2
entrouvert:v2.6.1.1
entrouvert:v2.6.1
entrouvert:v2.6.0
entrouvert:v2.5.99
entrouvert:v2.5.1
entrouvert:v2.5.0
entrouvert:v2.4.1
entrouvert:v2.4.0
entrouvert:2.4.0
entrouvert:2.3.6
entrouvert:show
entrouvert:v2.3.6
entrouvert:v2.3.5
entrouvert:v2.3.4
entrouvert:v2.3.3
entrouvert:v2.3.2
entrouvert:v2.3.1
entrouvert:branch
entrouvert:release-2.3.0
entrouvert:rel-2-2-90
entrouvert:rel-2-2-90_4516
entrouvert:rel-2-2-2
entrouvert:rel-2-2-1
entrouvert:rel-0-6-4
entrouvert:rel-0-6-3
entrouvert:rel-0-6-2
entrouvert:rel-0-6-1
entrouvert:rel-0-6-0
entrouvert:pre-0-6-0
entrouvert:post-0-4-1-before-api-change
entrouvert:rel-0-4-1
entrouvert:rel-0-4-0
entrouvert:start
entrouvert:referentiel

2 Commits
fce2ecc2cb ... 4fb1301051

Author SHA1 Message Date
Benjamin Dauvergne 4fb1301051 xmlsec: re-enable KeyValue nodes when reading KeyInfo descriptors (#85339)
gitea/lasso/pipeline/head There was a failure building this commit Details 
KeyValue has been disabled in libxmlsec >= 1.3.3, as it can be a security
liability in other settings than SAML:

   (xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option for the xmlsec command line utility or update the 'keyInfoCtx->enabledKeyData' parameter if you need to re-enable these nodes (also see question 3.5 in the FAQ).
 2024-01-27 15:32:18 +01:00
Benjamin Dauvergne 077d719dba xmlsec: use XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH when writing encrypted keys (#85339) 
For compatibility with libxmlsec1>=1.3.0, as we do not use KeyName to
reference the wrapping key:

  (API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
 2024-01-27 15:32:18 +01:00
1 changed files with 2 additions and 0 deletions
Show Stats Expand all files Collapse all files

2
lasso/xml/xml.c
View File

@ -620,7 +620,9 @@ lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key,
goto cleanup;
}
#if (XMLSEC_MAJOR > 1) || (XMLSEC_MAJOR == 1 && XMLSEC_MINOR > 3) || (XMLSEC_MAJOR == 1 && XMLSEC_MINOR == 3 && XMLSEC_SUBMINOR >= 0)
enc_ctx->keyInfoWriteCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
#endif
/* generate a symetric key */
switch (encryption_sym_key_type) {