From feda23587c7e24dec0cfc8be9f2f444e009f967f Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 13 Aug 2019 16:53:04 -0700 Subject: illegal offset warning (prevents encrypted signatures from being used for encrypted messages). Not fatal but can leak metadata. --- include/zot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/zot.php b/include/zot.php index 53c3d4d86..60bada1d6 100644 --- a/include/zot.php +++ b/include/zot.php @@ -304,7 +304,7 @@ function zot_zot($url, $data, $channel = null,$crypto = null) { if($channel) { $headers['X-Zot-Token'] = random_string(); $headers['X-Zot-Digest'] = \Zotlabs\Web\HTTPSig::generate_digest_header($data); - $h = \Zotlabs\Web\HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel),false,'sha512',(($crypto) ? $crypto['hubloc_sitekey'] : ''), (($crypto) ? zot_best_algorithm($crypto['site_crypto']) : '')); + $h = \Zotlabs\Web\HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel),false,'sha512',(($crypto) ? [ 'key' => $crypto['hubloc_sitekey'], 'algorithm' => $crypto['site_crypto'] ] : false)); } $redirects = 0; -- cgit v1.2.3