You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In here why don't we just verify the public key before trying to use it?
// When public key is invalid, openssl throws a
// 'supplied key param cannot be coerced into a public key' warning
// and phar ignores sig verification.
// We need to protect from that by catching the warning
I think openssl_pkey_get_public($certificate) would do the job. So this is an input validation task, which should be in the setter and not in the processing code as some kind of workaround...
Btw why don't you send an issue about this feature. Maybe phar maintainers add it to the next release. (it is weird to talk about libs which haven't have maintenance for such a long time)
The text was updated successfully, but these errors were encountered:
In here why don't we just verify the public key before trying to use it?
I think openssl_pkey_get_public($certificate) would do the job. So this is an input validation task, which should be in the setter and not in the processing code as some kind of workaround...
Btw why don't you send an issue about this feature. Maybe phar maintainers add it to the next release. (it is weird to talk about libs which haven't have maintenance for such a long time)
The text was updated successfully, but these errors were encountered: