Related to #176. Ensure IdP certificate is formatted properly #226

Merged
merged 8 commits into from
May 1, 2015


pitbulk
Collaborator

@pitbulk pitbulk commented Apr 29, 2015

PR #176 + Rebase

dannyb and others added 5 commits April 29, 2015 07:21
* when loading the provider certificate from the environment, or
  integrating via `omniauth-saml`, we would often encounter a series of
  `nested asn1 error` messages due to the malformed certificate failing
  to be read by `OpenSSL`.
* inspiration for this patch comes from toyokazu/rack-saml@b7646ad

thanks to @dannyb for the assistance!
* this ensures that the private key will be formatted in a
  manner consistent with the certificate
@luisvm
Contributor

luisvm commented Apr 29, 2015

👍 looks good

@pitbulk
Collaborator Author

pitbulk commented Apr 30, 2015

If I try to get info from the cert

```
openssl x509 -in valid_certificate -text -noout
```

I got:

```
unable to load certificate
139721105524416:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
139721105524416:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306:
139721105524416:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:659:
139721105524416:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=subject, Type=X509_CINF
139721105524416:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=cert_info, Type=X509
139721105524416:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
```

So definitely this certificate is not valid...

@pitbulk
Collaborator Author

pitbulk commented Apr 30, 2015

Same happens with the private_key

```
openssl rsa -in valid_rsa_private_key -check
unable to load Private Key
140452807743168:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140452807743168:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_ALGOR
140452807743168:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140452807743168:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:
```

pitbulk added a commit that referenced this pull request May 1, 2015
Related to #176. Ensure IdP certificate is formatted properly
@pitbulk pitbulk merged commit 386f098 into master May 1, 2015
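
The failure described in the commit messages above (a certificate that loses its PEM line structure on the way through an environment variable and is then rejected by `OpenSSL`) can be reproduced and repaired as follows. This is an added example, not code from this pull request; `normalize_pem_certificate`, `parses_as_certificate?`, `build_sample_certificate`, `demo` and the `idp.example.test` subject are hypothetical names.

```ruby
require "openssl"

# Hypothetical helper (an assumption, not the project's code): rebuild a PEM
# certificate from text whose armor lines or line breaks were damaged.
def normalize_pem_certificate(raw)
  return raw if raw.nil? || raw.empty?
  body = raw.gsub(/\\[rn]/, "")                               # literal "\n"/"\r" escapes
  body = body.gsub(/-----(BEGIN|END) CERTIFICATE-----/, "")   # existing armor lines
  body = body.gsub(/[^A-Za-z0-9+\/=]/, "")                    # anything outside base64
  return raw if body.empty?
  # PEM wraps the base64 body at 64 characters per line.
  "-----BEGIN CERTIFICATE-----\n#{body.scan(/.{1,64}/).join("\n")}\n-----END CERTIFICATE-----\n"
end

# True when OpenSSL can parse the text as an X.509 certificate.
def parses_as_certificate?(text)
  OpenSSL::X509::Certificate.new(text)
  true
rescue OpenSSL::X509::CertificateError
  false
end

# Constructed sample: a throwaway self-signed certificate made at run time.
def build_sample_certificate
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=idp.example.test")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# For each damaged form: [label, parses before repair?, same DER after repair?]
def demo
  cert = build_sample_certificate
  pem = cert.to_pem
  { "single line, spaces" => pem.gsub("\n", " "),
    "literal \\n escapes" => pem.gsub("\n") { "\\n" },
    "bare base64"         => [cert.to_der].pack("m0") }.map do |label, mangled|
    fixed = normalize_pem_certificate(mangled)
    [label, parses_as_certificate?(mangled), OpenSSL::X509::Certificate.new(fixed).to_der == cert.to_der]
  end
end

demo.each { |row| p row } if __FILE__ == $PROGRAM_NAME
```

Normalizing only repairs the PEM armor and line wrapping; it says nothing about whether the certificate is the one the IdP actually publishes.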