Do NOT collect signature cert from the authn request and use for encryption.

Hans Hörberg · Hans Hörberg · commit b6c8938e7db8 · 2015-05-25T15:32:31.000+02:00
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
@@ -1070,17 +1070,17 @@ def encrypt_cert_from_item(item):
                                                [pefim, ds])
         if len(_elem) == 1:
             _encrypt_cert = _elem[0].x509_data[0].x509_certificate.text
-        else:
-            certs = cert_from_instance(item)
-            if len(certs) > 0:
-                _encrypt_cert = certs[0]
+        #else:
+        #    certs = cert_from_instance(item)
+        #    if len(certs) > 0:
+        #        _encrypt_cert = certs[0]
     except Exception:
         pass
 
-    if _encrypt_cert is None:
-        certs = cert_from_instance(item)
-        if len(certs) > 0:
-            _encrypt_cert = certs[0]
+    #if _encrypt_cert is None:
+    #    certs = cert_from_instance(item)
+    #    if len(certs) > 0:
+    #        _encrypt_cert = certs[0]
 
     if _encrypt_cert is not None:
         if _encrypt_cert.find("-----BEGIN CERTIFICATE-----\n") == -1:
