author | Stefan Halen <github@gethere.tk> | 2016-10-02 22:04:28 +0200 |
---|---|---|
committer | Stefan Halen <github@gethere.tk> | 2016-10-02 22:04:28 +0200 |
commit | 0556a445946c8e4dd2783abf314215cf98d02bf5 (patch) | |
tree | 5c60091ea7069fbba2a4b62a87df13b83cdc8464 | |
parent | 95f048784e2239fb1e40024e0a777fb4281436ba (diff) | |
Fix certificate precedence over fingerprint when verifying metadata
-rw-r--r-- | modules/metarefresh/lib/MetaLoader.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
index c7871f5..24790fd 100644
--- a/modules/metarefresh/lib/MetaLoader.php
+++ b/modules/metarefresh/lib/MetaLoader.php
@@ -116,9 +116,13 @@ class sspmod_metarefresh_MetaLoader {
 }
 if(array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== NULL) {
- if(!$entity->validateFingerprint($source['validateFingerprint'])) {
- SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature using fingerprint.' . "\n");
- continue;
+ if(!array_key_exists('certificates', $source) || $source['certificates'] == NULL) {
+ if(!$entity->validateFingerprint($source['validateFingerprint'])) {
+ SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature using fingerprint.' . "\n");
+ continue;
+ }
+ } else {
+ SimpleSAML_Logger::info('Skipping validation with fingerprint since option certificate is set.' . "\n");
 }
 }
|
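Review bot: The new guard tests `$source['certificates'] == NULL` with a loose comparison, while the enclosing fingerprint check on the context line uses `!== NULL`, so an empty array, empty string or `false` counts as "no certificates" here but may not in the certificate branch. Skipping the fingerprint check is only safe if this condition is the exact complement of the one guarding certificate validation, which lies above the hunk and is not visible here; if the two disagree in the wrong direction, an entity could be accepted with neither check applied. Computing the predicate once, e.g. `$hasCerts = array_key_exists('certificates', $source) && $source['certificates'] !== NULL;`, and branching on it in both places would make that invariant explicit. The new log message also names the option `certificate` although the key is `certificates`, and it omits the entity id that the neighbouring message includes.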