php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59857 Signature incorrect for SSL on non-standard port
Submitted: 2011-07-18 11:45 UTC Modified: 2011-07-21 16:30 UTC
From: james dot shoemaker at buyercompass dot com Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5.3.3 OS: linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: james dot shoemaker at buyercompass dot com
New email:
PHP Version: OS:

 

 [2011-07-18 11:45 UTC] james dot shoemaker at buyercompass dot com
Description:
------------
  If you use a non 443 port the signature is calculated incorrectly for SSL connections.  Also if you use 443 and specify it in the uri it will also be calculated incorrectly.

  I use the firefox REST client to connect as a test case.


Reproduce code:
---------------
the target page calls

checkOAuthRequest();

with appropriate handlers for checkConsumer, checkToken, and checkNonce.


This patch solves the issue:

http://dev.buyercompass.com/oauth_ssl_patch.patch

Expected result:
----------------
  I expect the checkOAuthRequest() call to return with success

Actual result:
--------------
checkOAhthRequest() throws an exception for bad signature.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-07-18 12:27 UTC] jawed@php.net
Applied to trunk ... please test.

- JJ
 [2011-07-18 12:28 UTC] jawed@php.net
Err, forgot to mention in my previous post: thanks for the patch!
 [2011-07-18 12:51 UTC] james dot shoemaker at buyercompass dot com
exported source from svn, rebuilt and ran my test case, it works.  Thanks for your prompt action.
 [2011-07-18 17:32 UTC] james dot shoemaker at buyercompass dot com
found another issue, another patch will be forthcoming
 [2011-07-18 18:05 UTC] james dot shoemaker at buyercompass dot com
Stricmp isn't available on my other test platform.  Converted stricmp to strcmp on line 437.  updated patch, but it won't work on svn head anymore.
  Do I need to make a patch for the line 437 change?
 [2011-07-19 17:36 UTC] jawed@php.net
Changed stricmp to strcasecmp ... lmk if this is okay.

- JJ
 [2011-07-20 09:58 UTC] james dot shoemaker at buyercompass dot com
strcasecmp will do just fine.
 [2011-07-21 16:30 UTC] jawed@php.net
Thank you for your bug report. This issue has been fixed
in the latest released version of the package, which you can download at
http://pecl.php.net/get/oauth


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 01:01:28 2024 UTC