search

liamdennehy / eidas-certificate-parse

Parse and validate eIDAS Certificates based on EU Trusted List of Lists
13 stars 1 forks source link

Missing composer dependency #76

Closed Ludo444 closed 4 years ago

Ludo444 commented 4 years ago

Currently when trying to install, composer fails to resolve dependency.

Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for liamdennehy/eidas-certificate ^3.5 -> satisfiable by liamdennehy/eidas-certificate[3.5.0].
    - liamdennehy/eidas-certificate 3.5.0 requires robrichards/xmlseclibs dev-mgf1#c2e5a1424804c462ec5342bb68858725cbe78256@dev -> no matching package found.

Looks like that branch was merged and proprely released in xmlseclibs ?

liamdennehy commented 4 years ago

Apologies for this, haven't paid attention in a while. At the time xmlseclibs didn't support RSA-PSS signatures which the German Trust List started using. Will look into this and see what the current state is.

liamdennehy commented 4 years ago

Thanks for the fix, and spotting useless dependency too! :+1:

liamdennehy commented 4 years ago

Thanks for the fix, and spotting useless dependency too! :+1:

Will now work on seeing if Germany's TL can be verified against latest phpseclib

Ludo444 commented 4 years ago

actually I noticed problem with Switzerland today, they are using sha384WithECDSA currently and lib was not able to process it

liamdennehy commented 4 years ago

I'm working on PR #80 to toggle signature verification, I'd rather process a TL without signature verification than exclude it, then leave verification up to the user. I don't see any plans on xmlseclib to handle these signature formats any time soon :disappointed: