~fkooman/php-saml-sp#12: 
better error message when SP certs/keys are not there, or have wrong permission

The RPM and DEB packages are confusing as they do not really show the correct path for the certificate/key used by the SP.

Make sure the error message shows the correct path, i.e. /etc/ssl/php-saml-sp and /etc/pki/php-saml-sp.

Status: REPORTED
Submitter: ~fkooman
Assigned to: No-one
Submitted: 5 months ago
Updated: 5 months ago
Labels: No labels applied.

~fkooman 5 months ago

We already patch CryptoKeys in the RPM and DEB package, so we might as well directly point them to the real location instead of the symlinked location.

~fkooman 5 months ago

Example:

ERROR: [RuntimeException] unable to read key file "/usr/share/php-saml-sp/keys/signing.crt"

~fkooman 5 months ago*

Guess we can also remove the keys symlink under /usr/share/php-saml-sp...

~fkooman 5 months ago

Done for Debian / Ubuntu:

ERROR: [RuntimeException] unable to read key file "/etc/ssl/php-saml-sp/signing.crt"

~fkooman 5 months ago

What we need is production repository builds; it is available in testing now (v2-dev).

~fkooman 5 months ago*

We could have also used realpath:

$ php -r 'echo realpath("/usr/share/php-saml-sp/keys");'
/etc/ssl/php-saml-sp

~fkooman 5 months ago*

One little issue:

$ php -r 'var_dump(realpath("/usr/share/php-saml-sp/keys/signing.crt"));'
bool(false)
$ sudo php -r 'var_dump(realpath("/usr/share/php-saml-sp/keys/signing.crt"));'
string(32) "/etc/ssl/php-saml-sp/signing.crt"

So, if there is no permission to access the file, it will return false, which doesn't help us! :(

~fkooman 5 months ago

So perhaps the DEB/RPM patches are still the best (most clear for admin) solution.
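
The realpath() limitation noted in the thread can be worked around by resolving the deepest ancestor directory that is still visible and re-attaching the rest of the path. The following is an added example, not code from php-saml-sp or from the thread; `bestEffortRealPath()`, `readKeyFile()` and the temporary directory layout are hypothetical and constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example: bestEffortRealPath() and readKeyFile() are hypothetical
// helpers for illustration, not functions from php-saml-sp.

// Resolve the deepest ancestor of $path that realpath() can still see, then
// re-attach the components below it that could not be resolved.
function bestEffortRealPath(string $path): string
{
    $tail = [];
    $current = $path;
    while (false === ($resolved = realpath($current))) {
        $parent = dirname($current);
        if ($parent === $current) {
            return $path; // nothing resolvable, report the path as given
        }
        array_unshift($tail, basename($current));
        $current = $parent;
    }

    return [] === $tail ? $resolved : rtrim($resolved, '/') . '/' . implode('/', $tail);
}

function readKeyFile(string $keyFile): string
{
    $data = @file_get_contents($keyFile);
    if (false === $data) {
        throw new RuntimeException(sprintf('unable to read key file "%s"', bestEffortRealPath($keyFile)));
    }

    return $data;
}

// Constructed layout: <tmp>/etc holds the key, <tmp>/share/keys is a symlink to it.
$base = sys_get_temp_dir() . '/keydemo-' . bin2hex(random_bytes(4));
mkdir($base . '/etc', 0700, true);
mkdir($base . '/share', 0755);
file_put_contents($base . '/etc/signing.crt', "constructed placeholder\n");
symlink($base . '/etc', $base . '/share/keys');
chmod($base . '/etc', 0000); // directory no longer searchable (no effect for root)

try {
    readKeyFile($base . '/share/keys/signing.crt');
    echo "key file readable (running as root?)\n";
} catch (RuntimeException $e) {
    echo 'ERROR: [RuntimeException] ' . $e->getMessage() . "\n";
} finally {
    chmod($base . '/etc', 0700); // restore access so the demo directory can be removed
}
```

Run as an unprivileged user, the error names the file under the real `etc` directory rather than the `share/keys` symlink. A key file that does not exist produces the same message, so the text cannot distinguish a missing file from a permission problem.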
