Bug #98
Support for encrypted private keys is incomplete
Start date:
15 June 2010
Due date:
% Done:
100%
Estimated time:
15:00 h
Patch proposed:
Planning:
Description
For the moment we can load the definition of a private key and its password in a LassoServer object. All the plumbing which goes from the LassoServer object to signed LassoNode is missing for the password argument.
What's needed:
- a way to attach the password to the signed node, without breaking ABI compatibility (so adding a public field is forbidden);
- to use this new parameter in calls to lasso_sign_node ;
- to serialize this new field with the old ones.
The objects to extend are LassoSamlp2StatusResponse, LassoSamlp2RequestAbstract and LassoSaml2Assertion.
ID-FFv1.2 is not a priority.
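One way to meet the first requirement, shown as an added example that is not Lasso's code: the password is kept in a private side table keyed by the node's address, so the public struct layout never changes. `SignedNode`, `node_set_key_password` and `node_get_key_password` are hypothetical names, and serialization of the field is not covered.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an ABI-frozen public node type. */
typedef struct {
    char *sign_method, *private_key_file, *certificate_file;
} SignedNode;

/* Private side table (node -> password) in the .c file; header unchanged. */
typedef struct Entry {
    const SignedNode *node; char *password; struct Entry *next;
} Entry;
static Entry *table;

/* Attach, replace, or (password == NULL) remove a node's key password.
 * Call with NULL when the node is destroyed. Returns 0, or -1 on OOM. */
int node_set_key_password(const SignedNode *node, const char *password)
{
    Entry **link = &table;
    while (*link && (*link)->node != node)
        link = &(*link)->next;
    if (*link) {                      /* drop the previous secret */
        Entry *old = *link;
        *link = old->next;
        for (volatile char *p = old->password; *p; p++) *p = 0; /* wipe */
        free(old->password);
        free(old);
    }
    if (password == NULL) return 0;
    Entry *e = malloc(sizeof *e);
    if (e == NULL || (e->password = malloc(strlen(password) + 1)) == NULL) {
        free(e);
        return -1;
    }
    strcpy(e->password, password);
    e->node = node;
    e->next = table;
    table = e;
    return 0;
}

/* Lookup used by the signing path before it loads the private key. */
const char *node_get_key_password(const SignedNode *node)
{
    for (const Entry *e = table; e; e = e->next)
        if (e->node == node)
            return e->password;
    return NULL;
}
```

In a GObject-based library the same effect is available through `g_object_set_qdata_full()`, which also ties cleanup of the secret to the object's lifetime.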
History
Updated by Clément Oudot almost 14 years ago
I tested today, and I confirm this is not working for now. Passwords are loaded, but we then have this kind of error:
Enter PEM pass phrase:
func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=243:obj=unknown:subj=PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:error=4:crypto library function failed:
func=xmlSecOpenSSLAppKeyLoadMemory:file=app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:
Enter PEM pass phrase:
func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=243:obj=unknown:subj=PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:error=4:crypto library function failed:
func=xmlSecOpenSSLAppKeyLoadMemory:file=app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:
Enter PEM pass phrase:
And:
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ debug ]: 2010-07-05 13:34:57 (tools.c/:985) Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ warning ]: 2010-07-05 13:34:57\tSigning of saml2:Assertion failed: Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ debug ]: 2010-07-05 13:34:57 (tools.c/:985) Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ warning ]: 2010-07-05 13:34:57\tSigning of samlp2:StatusResponse failed: Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ debug ]: 2010-07-05 13:34:57 (tools.c/:985) Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ warning ]: 2010-07-05 13:34:57\tSigning of samlp2:StatusResponse failed: Failed to load private key.