Error after upgrade: supplied parameter cannot be coerced into an X509 certificate

[onnerby]

We just made an upgrade from 3.6.1 to 3.7.0 that works perfect against Google SSO.
But after upgrading - one of our customers that are using some internal SAML-implementation got errors like this

openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! in .../vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php(365)
#1 .../vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php(365): openssl_x509_read('-----BEGIN CERT...')
#2 .../vendor/onelogin/php-saml/src/Saml2/Utils.php(1500): RobRichards\XMLSecLibs\XMLSecurityKey->loadKey('-----BEGIN CERT...', false, true)
#3 .../vendor/onelogin/php-saml/src/Saml2/Response.php(433): OneLogin\Saml2\Utils::validateSign(Object(DOMDocument), '-----BEGIN CERT...', '', 'sha1', '/samlp:Response...', Array)

I quickly reverted back to 3.6.1 that works great.
Any idea what went wrong?

Thank you for a great library 😄

[pitbulk]

Hi @onnerby,

related to certs, on 3.7.0 was introduced the hability to identify comments on public cert files:

• X509 cert comments #570

Are you able to identify the original public cert that you were trying to read and had the error with the openssl_x509_read
Wonder if a corner case bug was introduced with this PR.

It would be great if I could reproduce the same and release a 3.7.1 version with the fix, so please provide me with the data to reproduce it (notice that public certs are already public), but send it by mail (find it in my profile) if you prefer that option.

[pitbulk]

Hi @onnerby,

following up on this. Do you have the chance to share with me what I requested in previous message?

[onnerby]

Hi @onnerby,

following up on this. Do you have the chance to share with me what I requested in previous message?

@pitbulk I'm waiting for my customer's approval to test this again, but they are currently on vacation ⛱️
I'll try again in a couple of weeks

[pitbulk]

@onnerby , any news?

[gr8b]

Any news on issue? Thanks.