Core: enforce flag verify-signature in function lasso_verify_signature

 * lasso/xml/tools.c: in lasso_verify_signature always return success if
   lasso_flag_verify_signature is FALSE.
 * lasso/xml/private.h: change return type to int.

2 files changed, 5 insertions, 2 deletions

diff --git a/lasso/xml/private.h b/lasso/xml/private.h
index 1e4bf033..d228ed73 100644
--- a/lasso/xml/private.h
+++ b/lasso/xml/private.h
@@ -127,7 +127,7 @@ char** urlencoded_to_strings(const char *str);
 int lasso_sign_node(xmlNode *xmlnode, const char *id_attr_name, const char *id_value,
 		const char *private_key_file, const char *certificate_file);
 
-gboolean lasso_verify_signature(xmlNode *signed_node, const char *id_attr_name,
+int lasso_verify_signature(xmlNode *signed_node, const char *id_attr_name,
 		xmlSecKeysMngr *keys_manager, xmlSecKey *public_key,
 		SignatureVerificationOption signature_verification_option,
 		GList **uri_references);
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index c29301be..f4eeb2e6 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -987,7 +987,7 @@ lasso_saml_constrain_dsigctxt(xmlSecDSigCtxPtr dsigCtx) {
  * Return: 0 if signature was validated, and error code otherwise.
  */
 
-gboolean
+int
 lasso_verify_signature(xmlNode *signed_node, const char *id_attr_name,
 		xmlSecKeysMngr *keys_manager, xmlSecKey *public_key,
 		SignatureVerificationOption signature_verification_option,
@@ -1004,6 +1004,9 @@ lasso_verify_signature(xmlNode *signed_node, const char *id_attr_name,
 	g_return_val_if_fail(signed_node && id_attr_name && (keys_manager || public_key),
 			LASSO_PARAM_ERROR_INVALID_VALUE);
 
+	if (lasso_flag_verify_signature == FALSE) {
+		return 0;
+	}
 	/* Find signature */
 	signature = xmlSecFindNode(signed_node, xmlSecNodeSignature, xmlSecDSigNs);
 	goto_exit_if_fail (signature, LASSO_DS_ERROR_SIGNATURE_NOT_FOUND);