OpenID consumer association doesn't pass up openid.dh_modulus or openid.dh_gen

soconnor - March 13, 2008 - 17:00

Project:	OpenID
Version:	5.x-1.1
Component:	OpenID Client
Category:	bug report
Priority:	critical
Assigned:	Unassigned
Status:	active

Jump to:

Most recent comment

This OpenID module doesn't follow the OpenID spec when using DH association. It should pass up the modulus and the gen used in creating the public key.

http://openid.net/specs/openid-authentication-2_0.html#anchor19

The code just needs to be modified to pass up these parameters when using DH.

$request['openid.dh_modulus'] = OPENID_DH_DEFAULT_MOD;
$request['openid.dh_gen '] = OPENID_DH_DEFAULT_GEN;

In function openid_association_request()

» Login or register to post comments

#1

soconnor - March 13, 2008 - 17:24

Whoops should have tested the fix before posting this bug. :-P The values need to be base64_encode'd

$request['openid.dh_modulus'] = base64_encode(OPENID_DH_DEFAULT_MOD);
$request['openid.dh_gen '] = base64_encode(OPENID_DH_DEFAULT_GEN);

Login or register to post comments

#2

DanielTheViking - March 29, 2008 - 23:55

Subscribing.

Login or register to post comments

Drupal is a registered trademark of Dries Buytaert.