DC tests don't validate certificates #130
Comments
|
This was fixed in the kemtls branch. There was also another bug that was also fixed on that branch (I can't remember it anymore as it was a year ago). I also changed the API to something way nicer there, so that is def the code to use. It never got merged due to the debate of if kemtls should be in the main branch or not. |
|
I'll take a look tomorrow and compare the code.. and let you know if there is a bug that needs solving in main branch. |
bwesterb
pushed a commit
that referenced
this issue
Sep 7, 2022
bwesterb
pushed a commit
that referenced
this issue
Sep 8, 2022
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: jhoyla <[email protected]>
bwesterb
pushed a commit
that referenced
this issue
Oct 5, 2022
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: jhoyla <[email protected]>
bwesterb
pushed a commit
that referenced
this issue
Nov 1, 2022
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: jhoyla <[email protected]>
bwesterb
pushed a commit
that referenced
this issue
Dec 7, 2022
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: jhoyla <[email protected]>
Lekensteyn
pushed a commit
that referenced
this issue
Jan 17, 2023
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <[email protected]>
Lekensteyn
pushed a commit
that referenced
this issue
Jan 17, 2023
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <[email protected]>
Lekensteyn
pushed a commit
that referenced
this issue
Jan 19, 2023
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <[email protected]>
bwesterb
pushed a commit
that referenced
this issue
Feb 15, 2023
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <[email protected]>
bwesterb
pushed a commit
that referenced
this issue
Mar 1, 2023
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <[email protected]>
bwesterb
pushed a commit
that referenced
this issue
Mar 2, 2023
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <[email protected]>
Lekensteyn
pushed a commit
that referenced
this issue
May 8, 2023
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <[email protected]>
Lekensteyn
pushed a commit
that referenced
this issue
May 10, 2023
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In
delegated_credentials_test.goTestDCHandshakeServerAuthsetsclientConfig.InsecureSkipVerify = true. Because of how golang handles global state this is propagated to all later tests. This leads to test failures if the tests are run in a different order or individually.This means that even if you put bit flips into the test certificate signatures the tests will still pass.
The text was updated successfully, but these errors were encountered: