fix: in lasso_verify_signature() only look for the first direct child Signature element

* lasso/xml/tools.c: in SAML message signatures are usually envelopped signatures, so just lookup for the first direct child which is a Signature node.
author: Benjamin Dauvergne <bdauvergne@entrouvert.com> 2009-04-27 08:19:28 +0000
committer: Benjamin Dauvergne <bdauvergne@entrouvert.com> 2009-04-27 08:19:28 +0000
commit: ecb84ebd1d22c2cf4fe870633b1a242632cb7df3 (patch)
tree: 617f108b2f96be0b7d6efa0698f58d053f1568ab
parent: 86b97760e6202533fc87777f75cc4b95c594ec44 (diff)
download: lasso-ecb84ebd1d22c2cf4fe870633b1a242632cb7df3.tar.gz
lasso-ecb84ebd1d22c2cf4fe870633b1a242632cb7df3.tar.xz
lasso-ecb84ebd1d22c2cf4fe870633b1a242632cb7df3.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index 7a2b92da..47bba423 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -1018,8 +1018,8 @@ lasso_verify_signature(xmlNode *signed_node, xmlDoc *doc, const char *id_attr_na
 	if (lasso_flag_verify_signature == FALSE) {
 		return 0;
 	}
-	/* Find signature */
-	signature = xmlSecFindNode(signed_node, xmlSecNodeSignature, xmlSecDSigNs);
+	/* Find signature as direct child. */
+	signature = xmlSecFindChild(signed_node, xmlSecNodeSignature, xmlSecDSigNs);
 	goto_cleanup_if_fail_with_rc (signature, LASSO_DS_ERROR_SIGNATURE_NOT_FOUND);
 
 	/* Create a temporary doc, if needed */
author	Benjamin Dauvergne <bdauvergne@entrouvert.com>	2009-04-27 08:19:28 +0000
committer	Benjamin Dauvergne <bdauvergne@entrouvert.com>	2009-04-27 08:19:28 +0000
commit	ecb84ebd1d22c2cf4fe870633b1a242632cb7df3 (patch)
tree	617f108b2f96be0b7d6efa0698f58d053f1568ab
parent	86b97760e6202533fc87777f75cc4b95c594ec44 (diff)
download	lasso-ecb84ebd1d22c2cf4fe870633b1a242632cb7df3.tar.gz lasso-ecb84ebd1d22c2cf4fe870633b1a242632cb7df3.tar.xz lasso-ecb84ebd1d22c2cf4fe870633b1a242632cb7df3.zip