entrouvert
/
lasso
16
0
Fork 0
Code Issues Pull Requests Releases Activity

compatibilité libxmlsec1 1.3.x (#85339) #10

Merged
bdauvergne merged 6 commits from wip/85339-lasso-regression-build-failure-a into main 2024-04-16 17:48:19 +02:00
Conversation 1 Commits 6 Files Changed 5 +32 -7
bdauvergne commented 2024-01-24 22:27:48 +01:00
Owner
Copy Link
No description provided.
bdauvergne added 5 commits 2024-01-24 22:27:48 +01:00
74fa9dda34 xmlsec: replace xmlSecCryptoAppKeyLoad by xmlSecCryptoAppKeyLoadEx (#85339) 
xmlSecCryptoAppKeyLoad was removed from libxmlsec1 in version >= 1.3.3:

  (xmlsec-core) Removed previously deprecated functions, defines, etc.
adce625ef8 xmlsec: use XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH when writing encrypted keys (#85339) 
For compatibility with libxmlsec1>=1.3.0, as we do not use KeyName to
reference the wrapping key:

  (API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
528bf35041 xmlsec: re-enable KeyValue nodes when reading KeyInfo descriptorsa (#85339) 
KeyValue has been disabled in libxmlsec >= 1.3.3, as it can be a security
liability in other settings than SAML:

   (xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option for the xmlsec command line utility or update the 'keyInfoCtx->enabledKeyData' parameter if you need to re-enable these nodes (also see question 3.5 in the FAQ).
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from 528bf35041 to fce2ecc2cb 2024-01-24 22:28:12 +01:00 Compare
tnoel requested changes 2024-01-25 12:21:42 +01:00
tnoel left a comment
Owner
Copy Link

Jenkins annonce que quelque chose ne va pas ...

...
22:28:50  xml.c: In function ‘lasso_node_encrypt’:
22:28:50  xml.c:623:36: error: ‘XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH’ undeclared (first use in this function)
22:28:50    623 |  enc_ctx->keyInfoWriteCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
22:28:50        |  
...
Jenkins annonce que quelque chose ne va pas ... ``` ... 22:28:50 xml.c: In function ‘lasso_node_encrypt’: 22:28:50 xml.c:623:36: error: ‘XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH’ undeclared (first use in this function) 22:28:50 623 | enc_ctx->keyInfoWriteCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH; 22:28:50 | ... ```
bdauvergne commented 2024-01-25 12:39:34 +01:00
Author
Owner
Copy Link

Jenkins annonce que quelque chose ne va pas ...

...
22:28:50  xml.c: In function ‘lasso_node_encrypt’:
22:28:50  xml.c:623:36: error: ‘XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH’ undeclared (first use in this function)
22:28:50    623 |  enc_ctx->keyInfoWriteCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
22:28:50        |  
...

Ouais je suis déjà content d'avoir trouvé où poser ça dans le code, quand on fait du C 3h par an ça aide pas :/ Mais ouais je dois conditionner ça sur la version de libxmlsec.

> Jenkins annonce que quelque chose ne va pas ... > > ``` > ... > 22:28:50 xml.c: In function ‘lasso_node_encrypt’: > 22:28:50 xml.c:623:36: error: ‘XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH’ undeclared (first use in this function) > 22:28:50 623 | enc_ctx->keyInfoWriteCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH; > 22:28:50 | > ... > ``` > Ouais je suis déjà content d'avoir trouvé où poser ça dans le code, quand on fait du C 3h par an ça aide pas :/ Mais ouais je dois conditionner ça sur la version de libxmlsec.
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from fce2ecc2cb to 4fb1301051 2024-01-27 15:32:22 +01:00 Compare
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from 4fb1301051 to 2c4916a621 2024-01-29 17:02:04 +01:00 Compare
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from 2c4916a621 to 24d9c220cb 2024-01-29 17:02:38 +01:00 Compare
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from 24d9c220cb to 16c9c97629 2024-01-29 17:32:16 +01:00 Compare
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from 16c9c97629 to e8eab67bbf 2024-01-29 17:50:23 +01:00 Compare
bdauvergne requested review from tnoel 2024-01-29 18:33:15 +01:00
tnoel requested review from pducroquet 2024-01-30 17:22:44 +01:00
pducroquet requested changes 2024-01-30 17:44:58 +01:00
lasso/xml/tools.c Outdated
@ -309,8 +310,13 @@ xmlSecKeyPtr lasso_get_public_key_from_pem_file(const char *file) {
pub_key = lasso_get_public_key_from_pem_cert_file(file);
break;
case LASSO_PEM_FILE_TYPE_PUB_KEY:
#if LASSO_XMLSEC_VERSION_NUMBER > 0x010224
pducroquet commented 2024-01-30 17:42:47 +01:00
Owner
Copy Link

Cette méthode a été introduite dans la branche 1.3 de xmlsec, donc ce test rend lasso incompatible avec xmlsec 1.2.25 à 1.2.39.
Plutôt >= 0x010300 du coup.

Cette méthode a été introduite dans la branche 1.3 de xmlsec, donc ce test rend lasso incompatible avec xmlsec 1.2.25 à 1.2.39. Plutôt ` >= 0x010300` du coup.
bdauvergne commented 2024-01-30 17:50:34 +01:00
Author
Owner
Copy Link

J'ai regardé le dépôt git de xmlsec parce que je ne voyais rien dans le changelog et elle est apparue après la release 1.2.36 (d'où le 0x010224).

J'ai regardé le dépôt git de xmlsec parce que je ne voyais rien dans le changelog et elle est apparue après la release 1.2.36 (d'où le 0x010224).
bdauvergne commented 2024-01-30 17:54:34 +01:00
Author
Owner
Copy Link

Non finalement t'as raison elle apparaît après le tag xmlsec-1_2_36 mais elle n'est incluse qu'à partir du tag xmlsec_1_3_0, branche à jour.

Non finalement t'as raison elle apparaît après le tag xmlsec-1_2_36 mais elle n'est incluse qu'à partir du tag xmlsec_1_3_0, branche à jour.
pducroquet commented 2024-01-31 09:21:04 +01:00
Owner
Copy Link

Tu as laissé un > pour ce fichier, ce qui empêche l'utilisation de cette fonction avec xmlsec 1.3.0, c'est voulu ?

Tu as laissé un > pour ce fichier, ce qui empêche l'utilisation de cette fonction avec xmlsec 1.3.0, c'est voulu ?
bdauvergne commented 2024-01-31 11:14:47 +01:00
Author
Owner
Copy Link

Non, j'ai corrigé.

Non, j'ai corrigé.
bdauvergne marked this conversation as resolved
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from e8eab67bbf to d6820d8e7b 2024-01-30 17:53:56 +01:00 Compare
bdauvergne requested review from pducroquet 2024-01-30 17:54:45 +01:00
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from d6820d8e7b to f575ac1a7c 2024-01-31 10:22:30 +01:00 Compare
bdauvergne requested review from yweber 2024-04-15 17:26:01 +02:00
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from f575ac1a7c to aa89aa4672 2024-04-16 09:26:40 +02:00 Compare
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from aa89aa4672 to b9e318856d 2024-04-16 10:57:46 +02:00 Compare
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from b9e318856d to ede9aef12e 2024-04-16 11:26:13 +02:00 Compare
bdauvergne force-pushed wip/85339-lasso-regression-build-failure-a from ede9aef12e to 49e0ea80c8 2024-04-16 16:33:10 +02:00 Compare
yweber approved these changes 2024-04-16 17:40:18 +02:00
bdauvergne merged commit 49e0ea80c8 into main 2024-04-16 17:48:19 +02:00
bdauvergne deleted branch wip/85339-lasso-regression-build-failure-a 2024-04-16 17:48:20 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
tnoel
pducroquet
yweber
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: entrouvert/lasso#10
No description provided.
Delete Branch "wip/85339-lasso-regression-build-failure-a"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?