author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2011-04-02 04:05:37 +0200 |
---|---|---|
committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2011-04-04 15:57:55 +0200 |
commit | 31a623aeeeee3174590aa984903abf46644bcc79 (patch) | |
tree | 0aaf18e9f06b5d0532e1444e3f850e72327ddbf4 /lasso | |
parent | 6477d6043c26dbb690e3065e30c622eec56516c6 (diff) | |
[server] in lasso_server_load_metadata do not duplicate checks already made by lasso_verify_signature
lasso_verify_signature already checks that reference is to the given
signed node, be it referenced through an ID or through an empty
reference.
Diffstat (limited to 'lasso')
-rw-r--r-- | lasso/id-ff/server.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index 98f1b88b..b3ced080 100644
--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -799,14 +799,8 @@ lasso_server_load_metadata(LassoServer *server, LassoProviderRole role, const gc
 root = xmlDocGetRootElement(doc);
 if (trusted_roots) {
 /* check metadata file signature */
- lasso_check_good_rc(lasso_verify_signature(root, doc, NULL, keys_mngr, NULL,
+ lasso_check_good_rc(lasso_verify_signature(root, doc, "ID", keys_mngr, NULL,
 EMPTY_URI, &uri_references));
- if (! uri_references || uri_references->next != NULL || !
- lasso_strisequal(uri_references->data, "")) {
- warning("lasso_server_load_federation: metadata signature check failed, it"
- " does not sign the complete file");
- goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGNATURE);
- }
 }
 if (lasso_strisequal((char*)root->ns->href, LASSO_SAML2_METADATA_HREF)) {
 lasso_check_good_rc(lasso_saml20_server_load_federation(server, role, root, blacklisted_entity_ids, loaded_entity_ids)); |
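Review bot: After this change the guarantee that the signature covers the whole metadata file rests entirely on lasso_verify_signature, whose body is not visible here; the removed block also rejected a signature carrying more than one reference (`uri_references->next != NULL`), so it is worth confirming the callee enforces that too rather than only checking that some reference resolves to `root`. The call still passes `EMPTY_URI, &uri_references`, but nothing in the hunk reads the list any more, so either drop the out-parameter or make sure it is still released on the cleanup path outside the hunk. The `"ID"` attribute name is applied before the namespace dispatch on `LASSO_SAML2_METADATA_HREF`, so it is used for every metadata flavour this function loads; please confirm it is the right attribute name for the non-SAML2 case. I would record the invariant at the call site, e.g. `/* lasso_verify_signature rejects a signature whose reference is not root (by "ID" or empty URI) */`, and add a regression test in which metadata signed over a child element only is refused. The enclosing function starts and ends outside the hunk.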