RubySaml::Utils::format_cert mishandles extra text outside of PEM block. #636

Open
netapp-mraymond opened this issue Mar 2, 2022 · 1 comment


netapp-mraymond commented Mar 2, 2022

RFC 7468 says "Data before the encapsulation boundaries are permitted" in a PEM format file. But the code in https://github.com/onelogin/ruby-saml/blob/c38d72425b11aee5b2be595d44b407f8dfd92d6a/lib/onelogin/ruby-saml/utils.rb#L85, when given a file with a single PEM block of certificate plus some non-ASCII extra text, will reformat it in such a way as to move that extra text into the PEM block, resulting in downstream failures to decode.

@johnnyshields
Collaborator

@netapp-mraymond if you'd like to change this, please make a PR with a new global config option which enforces the new way, something like `OneLogin::RubySaml.strict_pem_format`. Please add tests to ensure both the old and new way work. We'll deprecate the old way and flip the config to always be true in the next major version (3.x).
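
An added illustration, not code from ruby-saml or from either commenter: a simplified model of the failure described in the issue (`naive_format`) beside a boundary-aware formatter (`strict_format`) that keeps only what lies between the RFC 7468 encapsulation boundaries. The function names, the sample input (ASCII explanatory text before the block) and its dummy body are all constructed for this example.

```ruby
require "base64"

# Constructed sample: explanatory text before one PEM block.
# The body is dummy bytes, not a real certificate.
BODY = Base64.strict_encode64("constructed sample bytes, not a real certificate " * 3)
SAMPLE = "subject=CN=example (constructed)\n" \
         "-----BEGIN CERTIFICATE-----\n" \
         "#{BODY.scan(/.{1,64}/).join("\n")}\n" \
         "-----END CERTIFICATE-----\n"

PEM_CERT = /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/m

# Simplified model of the failure mode (hypothetical helper): strip the
# markers, drop whitespace, then rewrap everything that is left. Text
# outside the boundaries ends up inside the new block.
def naive_format(text)
  body = text.gsub(/-----(BEGIN|END) CERTIFICATE-----/, "").gsub(/\s/, "")
  "-----BEGIN CERTIFICATE-----\n#{body.scan(/.{1,64}/).join("\n")}\n-----END CERTIFICATE-----"
end

# Boundary-aware formatter (hypothetical helper): only text between the
# encapsulation boundaries is kept, and each body must be valid base64.
def strict_format(text)
  blocks = text.scan(PEM_CERT).map do |(inner)|
    body = inner.gsub(/\s/, "")
    Base64.strict_decode64(body) # raises ArgumentError on non-base64 content
    "-----BEGIN CERTIFICATE-----\n#{body.scan(/.{1,64}/).join("\n")}\n-----END CERTIFICATE-----"
  end
  raise ArgumentError, "no PEM certificate block found" if blocks.empty?
  blocks.join("\n")
end

# Decoded bytes of the first block, or nil when its body is not valid base64.
def decode_body(pem)
  inner = pem[PEM_CERT, 1].to_s.gsub(/\s/, "")
  Base64.strict_decode64(inner)
rescue ArgumentError
  nil
end
```

With `SAMPLE`, `decode_body(naive_format(SAMPLE))` is `nil` because the explanatory line was folded into the base64 body, while `decode_body(strict_format(SAMPLE))` returns the original bytes.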
