Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RubySaml::Utils::format_cert mishandles extra text outside of PEM block. #636

Open
netapp-mraymond opened this issue Mar 2, 2022 · 3 comments

Comments

@netapp-mraymond
Copy link

netapp-mraymond commented Mar 2, 2022

RFC 7468 says "Data before the encapsulation boundaries are permitted" in a PEM format file. But the code in
https://github.com/onelogin/ruby-saml/blob/c38d72425b11aee5b2be595d44b407f8dfd92d6a/lib/onelogin/ruby-saml/utils.rb#L85
, when given a file with a single PEM block of certificate plus some non-ASCII extra text, will reformat in such way to move those extra text into the PEM block, resulting in downstream failures to decode.

@johnnyshields
Copy link
Collaborator

I think it is reasonable to support stripping out everything prior to --- BEGIN --- and --- END --. Should check if there is a RFC 7468-compliant function already. This would be a good to do for RubySaml 2.0

@pitbulk
Copy link
Collaborator

pitbulk commented Jul 9, 2024

@johnnyshields At php-saml support for certs with comments was added:
SAML-Toolkits/php-saml@a08c168

But someone opened a potential issue so not sure if the implementation is 100% ok.

@johnnyshields
Copy link
Collaborator

@netapp-mraymond I have a fix in #711 that hopefully will make it into 2.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants