[
https://issues.apache.org/jira/browse/SHINDIG-491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12619436#action_12619436
]
impetus technologies commented on SHINDIG-491:
----------------------------------------------
Hi Chris,
Conceptually this is correct.
But currently we don't have a default private key in our code. I have a
suggestion to handle this... If we can make a dummy private key and store it in
the certs folder, then we will never have a blank key in signing fetcher file
Also, this way we can throw the exception when one tries to sign a request
without having an actual key.
> Improper handling of Key
> ------------------------
>
> Key: SHINDIG-491
> URL: https://issues.apache.org/jira/browse/SHINDIG-491
> Project: Shindig
> Issue Type: Bug
> Environment: windows
> Reporter: impetus technologies
> Assignee: Chris Chabot
> Attachments: SigningFetcherFactory.php.patch
>
>
> Hi,
> In SigningFetcherFactory.php "openssl_pkey_get_private()" method should be
> called in case of a proper key if it is blank or not a key then it should not
> be called. So it should be inside the "else". I have submitted this patch
> previously with issue Shindig-477 on 2008-07-28. It was committed too. But I
> think during the cache code cleaning it was missed.
> Patch is attached for the same.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
