From 8892568652c2fc56e39611660d9bec4770c4354b Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sat, 13 Jan 2018 12:24:55 -0800
Subject: [PATCH 1/3] improve owa logging
---
 Zotlabs/Module/Owa.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 9a39fe4c0..8764a33ee 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -38,14 +38,18 @@ class Owa extends \Zotlabs\Web\Controller {
 foreach($r as $hubloc) {
 $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
 if($verified && $verified['header_signed'] && $verified['header_valid']) {
+ logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);
 $ret['success'] = true;
 $token = random_string(32);
- \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
+ \Zotlabs\Zot\Verify::create('owt',0,$token,$hubloc['hubloc_addr']);
 $result = '';
 openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
 $ret['encrypted_token'] = base64url_encode($result);
 break;
 }
+ else {
+ logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_addr']);
+ }
 }
 }
 }
From 08bea83c032675e93c789070e681aab212c1d2a4 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sat, 13 Jan 2018 13:45:33 -0800
Subject: [PATCH 2/3] unexpected openssl result
---
 Zotlabs/Module/Owa.php | 1 +
 Zotlabs/Web/HTTPSig.php | 2 +-
 include/crypto.php | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 8764a33ee..537489687 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -38,6 +38,7 @@ class Owa extends \Zotlabs\Web\Controller {
 foreach($r as $hubloc) {
 $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
 if($verified && $verified['header_signed'] && $verified['header_valid']) {
+ logger('OWA header: ' . print_r($verified,true));
 logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);
 $ret['success'] = true;
 $token = random_string(32);
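Review bot: In the [PATCH 1/3] hunk of Zotlabs/Module/Owa.php, the added `else` branch writes `OWA fail` inside the `foreach` for every hubloc that does not verify, so a request that verifies against a later hubloc still leaves failure entries behind. The fail line passes no level while `OWA success` is logged at `LOGGER_DATA`, so (assuming the logger default is less verbose than `LOGGER_DATA`) a normal log would show only the failures and a successful login would read as a failed one. Logging once after the loop, e.g. `if(! $ret['success']) logger('OWA fail: no hubloc verified');`, or giving both lines the same level, keeps the record usable for detection. The loop and the enclosing method start and end outside the hunk.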
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 9a8c23a9b..9a6c3cd39 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -117,7 +117,7 @@ class HTTPSig {
 logger('verified: ' . $x, LOGGER_DEBUG);
- if($x === false)
+ if(! intval($x))
 return $result;
 if(! $spoofable)
diff --git a/include/crypto.php b/include/crypto.php
index 622add4dc..ab10edb03 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -28,7 +28,7 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') {
 btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR);
 }
- return $verify;
+ return (intval($verify) > 0 ? 1 : 0);
 }
 function pkcs5_pad ($text, $blocksize)
From eb3e43feec4e2de439de5398fcf498c0de5afbd4 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sat, 13 Jan 2018 14:08:15 -0800
Subject: [PATCH 3/3] cleanup of last fix
---
 Zotlabs/Module/Owa.php | 2 +-
 Zotlabs/Web/HTTPSig.php | 2 +-
 include/crypto.php | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 537489687..23ee14f39 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -38,7 +38,7 @@ class Owa extends \Zotlabs\Web\Controller {
 foreach($r as $hubloc) {
 $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
 if($verified && $verified['header_signed'] && $verified['header_valid']) {
- logger('OWA header: ' . print_r($verified,true));
+ logger('OWA header: ' . print_r($verified,true),LOGGER_DATA);
 logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);
 $ret['success'] = true;
 $token = random_string(32);
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 9a6c3cd39..63033ce5e 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -117,7 +117,7 @@ class HTTPSig {
 logger('verified: ' . $x, LOGGER_DEBUG);
- if(! intval($x))
+ if(! $x)
 return $result;
 if(! $spoofable)
diff --git a/include/crypto.php b/include/crypto.php
index ab10edb03..b990b18d9 100644
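Review bot: In the [PATCH 2/3] hunk of Zotlabs/Web/HTTPSig.php, `if(! intval($x))` rejects only a zero value, so a negative error code such as the `-1` that `openssl_verify` can return would be treated as verified if `$x` ever reached this check un-normalised. The check is safe only because rsa_verify is changed in the same patch to return 0 or 1 (presumably `$x` comes from rsa_verify; the assignment is outside the hunk). A fail-closed comparison does not depend on that: `if(intval($x) !== 1)` here, and `if($x !== true)` for the `if(! $x)` form in the [PATCH 3/3] hunk of the same file, where rsa_verify returns a bool. The enclosing method starts and ends outside both hunks.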
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -22,13 +22,13 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') {
 $alg = OPENSSL_ALGO_SHA256;
 $verify = @openssl_verify($data,$sig,$key,$alg);
- if(! $verify) {
+ if($verify === (-1)) {
 while($msg = openssl_error_string())
 logger('openssl_verify: ' . $msg,LOGGER_NORMAL,LOG_ERR);
 btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR);
 }
- return (intval($verify) > 0 ? 1 : 0);
+ return (($verify > 0) ? true : false);
 }
 function pkcs5_pad ($text, $blocksize)
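Review bot: The new guard `if($verify === (-1))` in rsa_verify no longer logs when `openssl_verify` returns `false`, which the PHP manual lists as a possible error result alongside `-1`; the function still returns false in that case, but the OpenSSL error queue is never written out. `if($verify === false || $verify === -1) {` keeps that error path visible. An invalid signature (`0`) is now silent here as well, so a log line for that case, at whatever level the project uses for authentication failures, would help operators spot forged requests. The return can be tightened to `return ($verify === 1);`. rsa_verify begins above the hunk.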