Skip to content

Add support for xmlsec1 1.3 #902

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 9, 2023
Merged

Add support for xmlsec1 1.3 #902

merged 2 commits into from
Jun 9, 2023

Conversation

timofey-barmin
Copy link
Contributor

@timofey-barmin timofey-barmin commented Apr 22, 2023
edited by c00kiemon5ter
Loading

Description

Add support for xmlsec1 1.3

The feature or problem addressed by this PR

There are two changes in xmlsec1 1.3 that break compatibility for me:

  1. From xmlsec repo:

(API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.

I couldn't make it work without passing --lax-key-search to xmlsec1, 'cause in my case it seems like KeyInfo never contains the private key that is used for signature.
Please let me know if you have a better solution.

  1. xmlsec1 changed format of the output for signature verification: "OK" -> "Verification status: OK"
What your changes do and why you chose this solution

I am checking the version of the xmlsec1 utility and if it is > 1.3, I am (a) adding the --lax-key-search param; (b) expect proper output during signature verification.

Checklist

  • Checked that no other issues or pull requests exist for the same issue/change
  • Added tests covering the new functionality
  • Updated documentation OR the change is too minor to be documented
  • Updated CHANGELOG.md OR changes are insignificant

@miettal
Copy link

miettal commented Jun 2, 2023

This works for me! xmlsec 1.3.

@peppelinux peppelinux requested a review from c00kiemon5ter June 2, 2023 20:52
@peppelinux
Copy link
Member

@c00kiemon5ter it seems good to me, however we really need a CI running tests in all the PRs and branches

@c00kiemon5ter c00kiemon5ter mentioned this pull request Jun 9, 2023
Closed
@c00kiemon5ter c00kiemon5ter force-pushed the xmlsec1_1_3_support branch from 211423f to 6aaf1ec Compare June 9, 2023 08:43
@c00kiemon5ter c00kiemon5ter merged commit 596803a into IdentityPython:master Jun 9, 2023
@c00kiemon5ter c00kiemon5ter mentioned this pull request Jun 11, 2024
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c00kiemon5ter c00kiemon5ter Awaiting requested review from c00kiemon5ter

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@timofey-barmin @miettal @peppelinux @c00kiemon5ter