gregvish

From 0dd4c31adb9fc4d2e400e4244665c4f523e6cbb0 Mon Sep 17 00:00:00 2001
From: Greg Vishnepolsky <greg@adallom.com>
Date: Mon, 9 Feb 2015 13:06:02 +0200
Subject: [PATCH] Added additional transforms to constraints of xml signature
 validation

---
 lasso/xml/tools.c | 3 +++
 1 file changed, 3 insertions(+)

gregvish

from socket import socket, SO_REUSEADDR, SOL_SOCKET
from asyncio import Task, coroutine, get_event_loop

class Peer(object):
    def __init__(self, server, sock, name):
        self.loop = server.loop
        self.name = name
        self._sock = sock
        self._server = server
        Task(self._peer_handler())

gregvish

diff --git a/dm.xmlsec.binding.egg-info/PKG-INFO b/dm.xmlsec.binding.egg-info/PKG-INFO
index ef2b2b6..edfdd9a 100644
--- a/dm.xmlsec.binding.egg-info/PKG-INFO
+++ b/dm.xmlsec.binding.egg-info/PKG-INFO
@@ -524,6 +524,8 @@ Description: This package contains a Cython (http://cython.org/) based bindung
         ...         dsigCtx.enableReferenceTransform(tid)
         ...     dsigCtx.enableSignatureTransform(xmlsec.TransformRsaSha1)
         ...     dsigCtx.enableReferenceTransform(xmlsec.TransformEnveloped)
+        ...     # limit the allowed KeyData elements
+        ...     dsigCtx.setEnabledKeyData([xmlsec.KeyDataX509])

gregvish

<?xml version="1.0" encoding="UTF-8"?>
<document>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference>
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

gregvish

<?xml version="1.0" encoding="UTF-8"?>
<document>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference>
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

gregvish

diff --git a/src/_xmlsec.pyx b/src/_xmlsec.pyx
index 45e9427..ffbd1a0 100644
--- a/src/_xmlsec.pyx
+++ b/src/_xmlsec.pyx
@@ -388,8 +388,16 @@ cdef class DSigCtx:
     if rv < 0:
       raise Error("enableSignatureTransform failed", rv)
     
-
-

gregvish

Test

gregvish

diff --git a/auto/modules b/auto/modules
index a78e785..30e1645 100644
--- a/auto/modules
+++ b/auto/modules
@@ -376,6 +376,7 @@ if [ $HTTP_UPSTREAM_LEAST_CONN = YES ]; then
 fi
 
 if [ $HTTP_UPSTREAM_KEEPALIVE = YES ]; then
+    have=NGX_HTTP_UPSTREAM_KEEPALIVE . auto/have
     HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_KEEPALIVE_MODULE"

gregvish

diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index 5e62caa..e514d64 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -513,6 +513,20 @@ static ngx_command_t  ngx_http_proxy_commands[] = {
 
 #endif
 
+    { ngx_string("proxy_upstream_default_keepalive"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,

gregvish

diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index 5e62caa..9d41d71 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -513,6 +513,27 @@ static ngx_command_t  ngx_http_proxy_commands[] = {
 
 #endif
 
+    { ngx_string("proxy_upstream_default_keepalive"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,