Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error after upgrade: supplied parameter cannot be coerced into an X509 certificate #589

Open
onnerby opened this issue Jun 4, 2024 · 5 comments
Open

Error after upgrade: supplied parameter cannot be coerced into an X509 certificate #589

onnerby opened this issue Jun 4, 2024 · 5 comments

Comments

@onnerby
Copy link

onnerby commented Jun 4, 2024

We just made an upgrade from 3.6.1 to 3.7.0 that works perfect against Google SSO.
But after upgrading - one of our customers that are using some internal SAML-implementation got errors like this

openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! in .../vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php(365)
#1 .../vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php(365): openssl_x509_read('-----BEGIN CERT...')
#2 .../vendor/onelogin/php-saml/src/Saml2/Utils.php(1500): RobRichards\XMLSecLibs\XMLSecurityKey->loadKey('-----BEGIN CERT...', false, true)
#3 .../vendor/onelogin/php-saml/src/Saml2/Response.php(433): OneLogin\Saml2\Utils::validateSign(Object(DOMDocument), '-----BEGIN CERT...', '', 'sha1', '/samlp:Response...', Array)

I quickly reverted back to 3.6.1 that works great.
Any idea what went wrong?

Thank you for a great library 😄
@pitbulk
Copy link
Contributor

pitbulk commented Jun 4, 2024
edited
Loading

Hi @onnerby,

related to certs, on 3.7.0 was introduced the hability to identify comments on public cert files:

Are you able to identify the original public cert that you were trying to read and had the error with the openssl_x509_read
Wonder if a corner case bug was introduced with this PR.

It would be great if I could reproduce the same and release a 3.7.1 version with the fix, so please provide me with the data to reproduce it (notice that public certs are already public), but send it by mail (find it in my profile) if you prefer that option.

@pitbulk
Copy link
Contributor

pitbulk commented Jun 20, 2024

Hi @onnerby,

following up on this. Do you have the chance to share with me what I requested in previous message?

@onnerby
Copy link
Author

onnerby commented Jun 20, 2024

Hi @onnerby,

following up on this. Do you have the chance to share with me what I requested in previous message?

@pitbulk I'm waiting for my customer's approval to test this again, but they are currently on vacation ⛱️
I'll try again in a couple of weeks

@pitbulk
Copy link
Contributor

pitbulk commented Jul 9, 2024

@onnerby , any news?

@pitbulk pitbulk mentioned this issue Jul 9, 2024
Open
@gr8b
Copy link

gr8b commented Aug 26, 2024

Any news on issue? Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pitbulk @onnerby @gr8b