When providing both a value for `cert` and `multicerts` to `validate_sign` (python-saml/src/onelogin/saml2/utils.py, line 965 in 488a00d):

```python
def validate_sign(xml, cert=None, fingerprint=None, fingerprintalg='sha1', validatecert=False, debug=False, xpath=None, multicerts=None):
```

the branching will ignore the value given for `cert` (python-saml/src/onelogin/saml2/utils.py, lines 1042 to 1048 in 488a00d):

```python
                # If multiple certs are provided, I may ignore cert and
                # fingerprint provided by the method and just check the
                # certs multicerts
                fingerprint = fingerprintalg = None
                for cert in multicerts:
                    if OneLogin_Saml2_Utils.validate_node_sign(signature_node, elem, cert, fingerprint, fingerprintalg, validatecert, False, raise_exceptions=False):
                        return True
```

While reading the code / comment clarifies this behavior, the parameter documentation doesn't mention it, making this function behave somewhat unexpectedly, leading to security issues at worst.
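The following is an added example, not code from the issue or from python-saml. It models the branching quoted above in a self-contained way so the effect can be observed: `validate_sign_as_reported` rebinds `cert` in the `for` loop exactly as the quoted snippet does, so a signature that only the caller's `cert` can verify is rejected once `multicerts` is also passed. The "certificates" here are constructed HMAC keys standing in for X.509 certificates, and `validate_node_sign` is a toy HMAC check standing in for the library's XML-DSig verification; `validate_sign_explicit` is one possible hardening (an assumption, not a proposed project patch) that rejects the ambiguous call instead of silently dropping an input.

```python
"""Model of the cert/multicerts branching reported in the issue.

Added example, not python-saml code. Constructed stand-ins:
  * a "cert" is an HMAC key (bytes) instead of an X.509 certificate,
  * validate_node_sign() is an HMAC-SHA256 check instead of XML-DSig.
"""
import hashlib
import hmac
from typing import Iterable, Optional

# Constructed sample data: two "certificates" and a message signed under CERT_A.
CERT_A = b"constructed-cert-A-key"
CERT_B = b"constructed-cert-B-key"
MESSAGE = b"<samlp:Response ID='constructed'>...</samlp:Response>"


def sign(message: bytes, cert: bytes) -> bytes:
    """Toy stand-in for producing an XML signature under `cert`."""
    return hmac.new(cert, message, hashlib.sha256).digest()


SIGNATURE_A = sign(MESSAGE, CERT_A)


def validate_node_sign(message: bytes, signature: bytes, cert: bytes) -> bool:
    """Toy stand-in for OneLogin_Saml2_Utils.validate_node_sign (assumption)."""
    return hmac.compare_digest(sign(message, cert), signature)


def validate_sign_as_reported(message: bytes, signature: bytes,
                              cert: Optional[bytes] = None,
                              multicerts: Optional[Iterable[bytes]] = None) -> bool:
    """Reproduces the branching quoted in the issue.

    When `multicerts` is given, the loop variable rebinds `cert`, so the
    value the caller passed is never tried.
    """
    if multicerts is None:
        return cert is not None and validate_node_sign(message, signature, cert)
    for cert in multicerts:  # shadows the caller's `cert`, dropping it silently
        if validate_node_sign(message, signature, cert):
            return True
    return False


def validate_sign_explicit(message: bytes, signature: bytes,
                           cert: Optional[bytes] = None,
                           multicerts: Optional[Iterable[bytes]] = None) -> bool:
    """Hardened variant (assumption, not a project patch).

    Passing both inputs is refused up front instead of one being ignored, so
    a caller who believes `cert` is being enforced gets an error, not a
    silently different trust set.
    """
    if cert is not None and multicerts is not None:
        raise ValueError("pass either cert or multicerts, not both")
    candidates = [cert] if cert is not None else list(multicerts or [])
    if not candidates:
        return False
    return any(validate_node_sign(message, signature, c) for c in candidates)


def demo() -> dict:
    """Exercise both variants on the constructed data and return the outcomes."""
    try:
        validate_sign_explicit(MESSAGE, SIGNATURE_A, cert=CERT_A, multicerts=[CERT_B])
        explicit_rejects_ambiguous_call = False
    except ValueError:
        explicit_rejects_ambiguous_call = True
    return {
        "reported_cert_only": validate_sign_as_reported(MESSAGE, SIGNATURE_A, cert=CERT_A),
        # Same valid signature, but adding multicerts=[CERT_B] makes CERT_A vanish:
        "reported_cert_and_multicerts": validate_sign_as_reported(
            MESSAGE, SIGNATURE_A, cert=CERT_A, multicerts=[CERT_B]),
        "explicit_cert_only": validate_sign_explicit(MESSAGE, SIGNATURE_A, cert=CERT_A),
        "explicit_multicerts_only": validate_sign_explicit(
            MESSAGE, SIGNATURE_A, multicerts=[CERT_B, CERT_A]),
        "explicit_rejects_ambiguous_call": explicit_rejects_ambiguous_call,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running the block shows `reported_cert_and_multicerts` coming back `False` for a signature that `reported_cert_only` accepts, which is the undocumented behaviour the issue describes. Whether the right fix is to reject the combination (as above) or to fold `cert` into the candidate list is a design choice; either way the contract needs to be stated in the parameter documentation.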