Soft validate with missing cert shouldn't raise error

[caius]

We should be able to soft validate without an exception being raised, which includes when the certificate is missing. This patch brings the behaviour of that validation inline with the fingerprint validation in the same method. (Returns false for soft validation, raises exception for non-soft validation.)

[Lordnibbler]

@caius can you please rebase off master and see if your specs still pass?

[caius]

@Lordnibbler sure thing, will give it a go

[caius]

@Lordnibbler rebased on master successfully. Test fails against master, passes with the patch to xml_security.rb in this PR. Please can has review & merge? 😀

[phene]

+1 for fixing this behavior.

[eccegordo]

sorta related to this can anyone explain how to validate a saml response where there is NOT an X.509 cert embedded in the SAML XML?

I have access to the cert and the signature but not sure what part of OpenSSL to use for the validation.

In other words this particular line does not work for me in my specific use case.

cert                    = OpenSSL::X509::Certificate.new(cert_text)

[wbajzek]

+1 on this issue, and @eccegordo's question.

[caius]

@Lordnibbler any chance of getting this merged in now please? 😄

[phene]

I ended up also including this fix in my PR here: #139

[Lordnibbler]

@luisvm @inakidelamadrid @pitbulk does this issue look good? Would we rather fix via #139 ?

[Lordnibbler]

fixed via #139 @phene @caius