~fkooman/php-saml-sp#12: better error message when SP certs/keys are not there, or have wrong permission

The RPM and DEB packages are confusing as they do not really show the correct path for the certificate/key used by the SP.

Make sure the error message shows the correct path, i.e. /etc/ssl/php-saml-sp and /etc/pki/php-saml-sp.

Status: REPORTED
Submitter: ~fkooman
Assigned to: No-one
Submitted: 30 days ago
Updated: 29 days ago
Labels: No labels applied.

~fkooman 30 days ago

We already patch CryptoKeys in the RPM and DEB package, so we might as well directly point them to the real location instead of the symlinked location.

~fkooman 30 days ago

Example:

ERROR: [RuntimeException] unable to read key file "/usr/share/php-saml-sp/keys/signing.crt"

~fkooman 30 days ago*

Guess we can also remove the keys symlink under /usr/share/php-saml-sp...

~fkooman 30 days ago

Done for Debian / Ubuntu:

ERROR: [RuntimeException] unable to read key file "/etc/ssl/php-saml-sp/signing.crt"

~fkooman 30 days ago

What we need is production repository builds; it is available in testing now (v2-dev).

~fkooman 29 days ago*

We could have also used realpath:

$ php -r 'echo realpath("/usr/share/php-saml-sp/keys");'
/etc/ssl/php-saml-sp

~fkooman 29 days ago*

One little issue:

$ php -r 'var_dump(realpath("/usr/share/php-saml-sp/keys/signing.crt"));'
bool(false)
$ sudo php -r 'var_dump(realpath("/usr/share/php-saml-sp/keys/signing.crt"));'
string(32) "/etc/ssl/php-saml-sp/signing.crt"

So, if there is no permission to access the file, it will return false, which doesn't help us! :(

~fkooman 29 days ago

So perhaps the DEB/RPM patches are still the best (most clear for admin) solution.
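
The realpath() limitation described in the comments above, with one way to still name the resolved location in the error message. This is an added example, not part of the thread or the project's code: bestEffortRealPath() and readKeyFile() are hypothetical names, and the temporary directory layout is constructed.

```php
<?php
declare(strict_types=1);

// realpath() returns false as soon as one path component cannot be accessed,
// so resolve the longest prefix that does resolve and append the rest as given.
function bestEffortRealPath(string $path): string   // hypothetical helper
{
    $tail = [];
    $current = $path;
    while (false === ($resolved = realpath($current))) {
        $parent = dirname($current);
        if ($parent === $current) {
            return $path; // nothing resolvable: report the path as given
        }
        array_unshift($tail, basename($current));
        $current = $parent;
    }
    return [] === $tail ? $resolved : rtrim($resolved, '/') . '/' . implode('/', $tail);
}

function readKeyFile(string $keyFile): string       // hypothetical helper
{
    $data = @file_get_contents($keyFile);
    if (false === $data) {
        throw new RuntimeException(sprintf('unable to read key file "%s"', bestEffortRealPath($keyFile)));
    }
    return $data;
}

// Constructed layout mirroring the thread: "keys" is a symlink to a directory
// that the current user may not search. Run as a non-root user to see the error.
$base = sys_get_temp_dir() . '/php-saml-sp-demo-' . getmypid();
mkdir($base . '/etc', 0700, true);
file_put_contents($base . '/etc/signing.crt', 'constructed sample');
symlink($base . '/etc', $base . '/keys');
chmod($base . '/etc', 0000);
clearstatcache(true);
try {
    readKeyFile($base . '/keys/signing.crt');
} catch (RuntimeException $e) {
    echo 'ERROR: [RuntimeException] ' . $e->getMessage() . PHP_EOL;
} finally {
    chmod($base . '/etc', 0700);
    unlink($base . '/etc/signing.crt');
    unlink($base . '/keys');
    rmdir($base . '/etc');
    rmdir($base);
}
```

The appended tail is not canonicalised, so a symlink that lives inside the inaccessible directory is reported by its own name rather than its target.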
