Permalink
Browse files

mnet MDL-16858 xmlrpc client signature verification code

  • Loading branch information...
1 parent 3703965 commit 612d671fbc02c3406eddbb03b37c5e9d0627bc2a Penny Leach committed with mouneyrac Dec 21, 2010
Showing with 8 additions and 0 deletions.
  1. +8 −0 mnet/xmlrpc/client.php
@@ -332,6 +332,14 @@ function send($mnet_peer) {
$this->error[] = $this->response['faultCode'] . " : " . $this->response['faultString'];
}
}
+
+ // ok, it's signed, but is it signed with the right certificate ?
+ // do this *after* we check for an out of date key
+ if (!openssl_verify($this->xmlrpcresponse, base64_decode($sig_parser->signature),
+ $mnet_peer->public_key)) {
+ $this->error[] = 'Invalid signature';
+ }
+
return empty($this->error);
}
}

0 comments on commit 612d671

Please sign in to comment.