Validate x.509 cert value is a valid certificate before inlining contents into signature

XML-Security / signxml

Python XML Signature and XAdES library

https://xml-security.github.io/signxml/

Apache License 2.0

137 stars 107 forks source link

Validate x.509 cert value is a valid certificate before inlining contents into signature #251

Open msetina opened 5 months ago

msetina commented 5 months ago

If you set cert parameter of sign call to empty string, signature will produce an empty in KeyInfo and even ignore public key data. Removing cert parameter form sign call will produce problem #250

kislyuk commented 5 months ago

Can you provide a specific example of what application you need to interoperate with that requires the X.509 certificate to be absent?

msetina commented 5 months ago

My code was faulty and produced empty string for ca chain. The cert parameter was no cecked, so the undesired result. Will provide the example....

kislyuk commented 5 months ago

I see, thanks. Yes, we need some validation here to ensure the certificate string to be inserted is an actual X.509 certificate.