Public bug reported:

Binary package hint: php-openid

php-openid-2.0.0 does not correctly deal with associations of type
HMAC-SHA256. The code only supports the generation of HMAC-SHA1 signatures,
but it fails to reject attempts at an HMAC-SHA256 connection with an
"unsupported-type" error code as
http://openid.net/specs/openid-authentication-2_0.html#refuse_assoc
requires. The result is that a php-openid-2.0.0 server on current stable
(jaunty) or current LTS (hardy) will be considered invalid by e.g. a
current ZendFramework client like the one employed by sourceforge.

This bug here might be contributing to bug #313703, although there might
be more in that bug. The solution is probably the same, though: updating
to 2.1.3 as available in karmic. It shouldn't be too difficult to
backport this package to hardy and jaunty, and maybe to intrepid as
well. Maybe the package from karmic can be taken as is.

** Affects: php-openid (Ubuntu)
     Importance: Undecided
         Status: New

-- 
php-openid 2.0.0 has broken support for HMAC-SHA256
https://bugs.launchpad.net/bugs/399244
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
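
Added example, not part of the bug report or of php-openid: a protocol-level Python sketch of the refusal the cited spec section describes, with a SHA1-only provider answering an HMAC-SHA256 associate request and a relying party deciding whether to retry. The function names, the supported-type list and the sample request are assumptions made for illustration; Diffie-Hellman parameters are left out of the messages.

```python
OPENID2_NS = "http://specs.openid.net/auth/2.0"

# (assoc_type, session_type) pairs a hypothetical SHA1-only provider implements,
# in order of preference.
OP_SUPPORTED = [("HMAC-SHA1", "DH-SHA1"), ("HMAC-SHA1", "no-encryption")]

def kv_encode(fields):
    """Key-Value Form used for direct responses: one 'key:value' per line."""
    for key, value in fields.items():
        if ":" in key or "\n" in key or "\n" in value:
            raise ValueError(f"cannot encode field {key!r}")
    return "".join(f"{k}:{v}\n" for k, v in fields.items())

def kv_decode(body):
    return dict(line.split(":", 1) for line in body.splitlines() if ":" in line)

def op_refusal(request, supported=OP_SUPPORTED):
    """Provider side: None if the requested pair is implemented, otherwise the
    'unsupported-type' response body naming a pair the provider does support."""
    wanted = (request.get("openid.assoc_type"), request.get("openid.session_type"))
    if wanted in supported:
        return None
    assoc_type, session_type = supported[0]
    return kv_encode({
        "ns": OPENID2_NS,
        "error": f"unsupported association type {wanted[0]!r}",
        "error_code": "unsupported-type",
        "assoc_type": assoc_type,
        "session_type": session_type,
    })

def rp_next_request(body, rp_acceptable):
    """Relying-party side: build a retry from the provider's suggestion, or
    return None if this is not a refusal or the suggestion is not acceptable."""
    resp = kv_decode(body)
    if resp.get("error_code") != "unsupported-type":
        return None
    suggestion = (resp.get("assoc_type"), resp.get("session_type"))
    if suggestion not in rp_acceptable:
        return None  # no association; relying-party policy decides what follows
    return {"openid.ns": OPENID2_NS, "openid.mode": "associate",
            "openid.assoc_type": suggestion[0], "openid.session_type": suggestion[1]}

# Constructed request, as a relying party preferring SHA256 would send it.
SAMPLE_REQUEST = {"openid.ns": OPENID2_NS, "openid.mode": "associate",
                  "openid.assoc_type": "HMAC-SHA256", "openid.session_type": "DH-SHA256"}
```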
