diff options
author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-04-27 08:19:28 +0000 |
---|---|---|
committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-04-27 08:19:28 +0000 |
commit | ecb84ebd1d22c2cf4fe870633b1a242632cb7df3 (patch) | |
tree | 617f108b2f96be0b7d6efa0698f58d053f1568ab | |
parent | 86b97760e6202533fc87777f75cc4b95c594ec44 (diff) | |
download | lasso-ecb84ebd1d22c2cf4fe870633b1a242632cb7df3.tar.gz lasso-ecb84ebd1d22c2cf4fe870633b1a242632cb7df3.tar.xz lasso-ecb84ebd1d22c2cf4fe870633b1a242632cb7df3.zip |
fix: in lasso_verify_signature() only look for the first direct child Signature element
* lasso/xml/tools.c:
in SAML message signatures are usually envelopped signatures, so just
lookup for the first direct child which is a Signature node.
-rw-r--r-- | lasso/xml/tools.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c index 7a2b92da..47bba423 100644 --- a/lasso/xml/tools.c +++ b/lasso/xml/tools.c @@ -1018,8 +1018,8 @@ lasso_verify_signature(xmlNode *signed_node, xmlDoc *doc, const char *id_attr_na if (lasso_flag_verify_signature == FALSE) { return 0; } - /* Find signature */ - signature = xmlSecFindNode(signed_node, xmlSecNodeSignature, xmlSecDSigNs); + /* Find signature as direct child. */ + signature = xmlSecFindChild(signed_node, xmlSecNodeSignature, xmlSecDSigNs); goto_cleanup_if_fail_with_rc (signature, LASSO_DS_ERROR_SIGNATURE_NOT_FOUND); /* Create a temporary doc, if needed */ |