[Bug 399244] [NEW] php-openid 2.0.0 has broken support for HMAC-SHA256
Martin von Gagern
martin.vgagern at gmx.net
Tue Jul 14 11:35:33 UTC 2009
Public bug reported:
Binary package hint: php-openid
php-openid-2.0.0 does not correctly deal with associations of type
HMAC-SHA256. The code only supports the generation of HMAC-SHA1 signatures,
but it fails to reject attempts at a HMAC-SHA256 connection with an
"unsupported-type" error code as
http://openid.net/specs/openid-authentication-2_0.html#refuse_assoc
requires. The result is that a php-openid-2.0.0 server on current stable
(jaunty) or current LTS (hardy) will be considered invalid by e.g. a
current ZendFramework client like the one employed by sourceforge.
This bug here might be contributing to bug #313703, although there might
be more in that bug. The solution is probably the same, though: updating
to 2.1.3 as available in karmic. It shouldn't be too difficult to
backport this package to hardy and jaunty, and maybe to intrepid as
well. Maybe the package from karmic can be taken as is.
** Affects: php-openid (Ubuntu)
Importance: Undecided
Status: New
--
php-openid 2.0.0 has broken support for HMAC-SHA256
https://bugs.launchpad.net/bugs/399244
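Added example, not part of the original report and not php-openid code: a Python sketch of the refusal the linked spec section asks for, plus what a relying party sees when a server accepts HMAC-SHA256 but signs with SHA1. The function names, the sample request, key and signed fields are all constructed for illustration.

```python
import base64
import hashlib
import hmac

OPENID2_NS = "http://specs.openid.net/auth/2.0"
HASHES = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}


def kv_form(fields):
    """Key-Value Form encoding: one 'key:value' pair per line."""
    return "".join(f"{key}:{value}\n" for key, value in fields.items())


def check_associate(request, supported):
    """Return None if the requested assoc_type can be honoured, otherwise the
    body of the refusal response carrying error_code unsupported-type."""
    if request.get("openid.assoc_type") in supported:
        return None
    return kv_form({
        "ns": OPENID2_NS,
        "error": "unsupported association type",  # fixed text, no request data echoed
        "error_code": "unsupported-type",
        "assoc_type": supported[0],  # a type the client may retry with
    })


def sign(assoc_type, mac_key, signed_fields):
    """Base64 HMAC over the Key-Value Form of the signed fields."""
    mac = hmac.new(mac_key, kv_form(signed_fields).encode(), HASHES[assoc_type])
    return base64.b64encode(mac.digest()).decode()


def verify(assoc_type, mac_key, signed_fields, sig):
    """Relying-party side: recompute with the negotiated type, compare in constant time."""
    return hmac.compare_digest(sign(assoc_type, mac_key, signed_fields), sig)


# Constructed sample data, not taken from any real exchange.
REQUEST = {"openid.ns": OPENID2_NS, "openid.mode": "associate",
           "openid.assoc_type": "HMAC-SHA256", "openid.session_type": "no-encryption"}
KEY = bytes(range(32))
FIELDS = {"op_endpoint": "https://op.example/", "response_nonce": "2009-07-14T11:35:33Zabc"}

if __name__ == "__main__":
    # A SHA1-only server should answer the HMAC-SHA256 request with this refusal.
    print(check_associate(REQUEST, ["HMAC-SHA1"]))
    # A server that accepted HMAC-SHA256 anyway but can only sign with SHA1:
    sha1_sig = sign("HMAC-SHA1", KEY, FIELDS)
    print("client accepts:", verify("HMAC-SHA256", KEY, FIELDS, sha1_sig))
```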