[BUG] Single-line privateKey value works OK for (default) HTTP-Redirect, but not for HTTP-POST binding #672
Comments
Please contribute a failing test to the test suite that confirms this bug. |
Just an FYI, I just encountered this bug as well, and would like to chime in. I was going to open up an issue, but see this is here already. Single-line keys and certs work just fine for |
We are open to PRs to address this problem. As mentioned above, a good place to start would be a PR with a suite of failing tests. Then, others can help address the problem, should you need such help. |
same issue here, single line decryptionPvk works fine with 3.2.0, but 3.2.1 returns error:0909006C:PEM routines:get_name:no start line |
@djbrown78 We are open to PRs to address this problem. As mentioned above, a good place to start would be a PR with a suite of failing tests. You mentioned the issue appeared for you between 3.2.0 and 3.2.1. Here's the diff between those two versions. Not much changed. v3.2.0...v3.2.1 If an issue was really introduced there, it seems likely that it was triggered by changes in the |
additional information:
|
Since these problems are apparently well documented, let's get some tests so we are ready for any fix that may come along. I don't see much movement over at |
This looks like it might be related to #524 |
@cjbarth given that it may be understood as an undocumented/unrealized BREAKING CHANGE from
Also, if Looking forward to your (and community) thoughts. |
The various XML packages that You might have a look at node-saml/xml-crypto#267 to see some discussion around this issue. |
@christian-hawk I think it's fair to treat this as a bug in passport-saml. We can adapt the cert format to match the format expected by our dependency. |
Also, maybe we should look again at using Github Sponsors or some other mechanism to get some financial support behind the maintenance of these modules important for web security. |
@markstos this fix should be implemented in |
I'd actually like to see just a test added to make sure that our dependent libraries keep doing what they should. If they break something, then we can take it up with them, and we'll know as soon as we try to take the broken dependency and can therefore avoid it. I don't want to take on more code than necessary since we then have to maintain it. |
Good point @cjbarth about keeping our surface area smaller. |
I had SAML working successfully, including signing, with the default HTTP Redirect binding.
Then I made a single change, to set `authnRequestBinding` to `HTTP-POST`, and suddenly the system threw an error because of "no start line".
`code: ERR_OSSL_PEM_NO_START_LINE`
My passport-saml configuration (with redactions) looks like this:
If I remove `authnRequestBinding`, it works fine again.
If I keep the `authnRequestBinding` and contrive my online private key into a multiline one, it works fine again.
I think that either:
`authnRequestBinding` is set to `HTTP-POST`.
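An added example, not part of the original thread and not passport-saml's own code: one way an application could turn a single-line key into multi-line PEM before passing it as `privateKey`, which is the workaround the reporter describes. It also accepts literal `\n` escapes, which goes beyond the case in the thread; `normalizePem`, `defaultLabel`, `SAMPLE_BODY` and `ONE_LINE` are hypothetical names, and the `PRIVATE KEY` (PKCS#8) default label for a bare body is an assumption.

```javascript
// Added example, not passport-saml code; all names here are hypothetical.
const ARMOR = /^-----BEGIN ([A-Z0-9 ]+)-----(.*)-----END ([A-Z0-9 ]+)-----$/s;

// Returns canonical multi-line PEM (64-character body lines, trailing newline).
// defaultLabel is used only for a bare base64 body and must match the key's
// real encoding (assumed PKCS#8 here); a wrong label still fails to parse.
function normalizePem(input, defaultLabel = "PRIVATE KEY") {
  if (typeof input !== "string" || input.trim() === "") {
    throw new TypeError("key must be a non-empty string");
  }
  // Env files often carry literal backslash-n sequences instead of newlines.
  const text = input.replace(/\\n/g, "\n").replace(/\r/g, "").trim();

  let label = defaultLabel;
  let body = text;
  if (text.includes("-----")) {
    const m = ARMOR.exec(text);
    if (!m || m[1] !== m[3]) {
      throw new Error("malformed PEM armor (BEGIN/END missing or mismatched)");
    }
    label = m[1];
    body = m[2];
  }

  // Drop all whitespace, then insist on plain base64. Legacy encrypted PEM
  // (Proc-Type/DEK-Info headers) is rejected here rather than mangled.
  body = body.replace(/\s+/g, "");
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body) || body.length % 4 !== 0) {
    throw new Error("PEM body is not valid base64");
  }
  // Re-wrap at 64 characters, the line length PEM parsers expect.
  const lines = body.match(/.{1,64}/g);
  return [`-----BEGIN ${label}-----`, ...lines, `-----END ${label}-----`, ""].join("\n");
}

// Constructed sample: 100 counter bytes standing in for DER, NOT a real key.
const SAMPLE_BODY = Buffer.from(Array.from({ length: 100 }, (_, i) => i)).toString("base64");
const ONE_LINE = `-----BEGIN PRIVATE KEY----- ${SAMPLE_BODY} -----END PRIVATE KEY-----`;
console.log(normalizePem(ONE_LINE));
```

Normalizing once at configuration load keeps the key in the same form whichever binding is in use.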