Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix DC implementation #131

Merged
merged 1 commit into from
Aug 17, 2022
Merged

Fix DC implementation #131

merged 1 commit into from
Aug 17, 2022

Conversation

jhoyla
Copy link
Contributor

@jhoyla jhoyla commented Aug 16, 2022

This PR fixes a number of bugs in the DC implementation.
Specifically this addresses Issues #127, #128, #129, and #130.
It also adds generate_delegated_credential.go which provides a tool matching generate_cert.go in style, and producing a delegated credential of the specified properties.

@jhoyla jhoyla requested review from Lekensteyn and cjpatton August 16, 2022 14:42
Lekensteyn
Lekensteyn approved these changes Aug 16, 2022
View reviewed changes
Copy link
Contributor

@Lekensteyn Lekensteyn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with two minor nits:

  • Add a comment about why PSSWithSHA256 is selected.
  • Update the commit message with a reference to the GitHub issues being addressed.

src/crypto/tls/delegated_credentials.go Show resolved Hide resolved
cjpatton
cjpatton reviewed Aug 16, 2022
View reviewed changes
Copy link
Contributor

@cjpatton cjpatton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few minor things, but otherwise this is in good shape. Thanks for your hard work on this.

src/crypto/tls/handshake_server_tls13.go Outdated Show resolved Hide resolved
src/crypto/tls/handshake_server_tls13.go Outdated Show resolved Hide resolved
src/crypto/tls/auth.go Outdated Show resolved Hide resolved
src/crypto/tls/delegated_credentials.go Show resolved Hide resolved
src/crypto/tls/delegated_credentials.go Outdated Show resolved Hide resolved
src/crypto/tls/delegated_credentials.go Show resolved Hide resolved
src/crypto/tls/delegated_credentials.go Outdated Show resolved Hide resolved
src/crypto/tls/generate_delegated_credential.go Outdated Show resolved Hide resolved
src/crypto/tls/generate_delegated_credential.go Show resolved Hide resolved
src/crypto/tls/handshake_client_tls13.go Outdated Show resolved Hide resolved
cjpatton
cjpatton reviewed Aug 16, 2022
View reviewed changes
src/crypto/tls/common.go Outdated Show resolved Hide resolved
cjpatton
cjpatton reviewed Aug 16, 2022
View reviewed changes
src/crypto/tls/auth.go Outdated Show resolved Hide resolved
@jhoyla
Fix DC implementation, addresses issues #127, #128, #129, and #130.
69f28db 
Add tool for generating delegated credentials.
@jhoyla jhoyla merged commit fcd6ea9 into cf Aug 17, 2022
@jhoyla jhoyla deleted the fix-dcs branch August 17, 2022 12:16
bwesterb pushed a commit that referenced this pull request Sep 7, 2022
@jhoyla @bwesterb
Fix DC implementation #131
abb10c1 
Addresses issues #127, #128, #129, and #130.
Add tool for generating delegated credentials.
bwesterb pushed a commit that referenced this pull request Sep 8, 2022
@claucece @jhoyla @bwesterb
crypto/tls: implement draft-ietf-tls-subcerts-10
8c42a69 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
bwesterb pushed a commit that referenced this pull request Oct 5, 2022
@claucece @jhoyla @bwesterb
crypto/tls: implement draft-ietf-tls-subcerts-10
845b9aa 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
bwesterb pushed a commit that referenced this pull request Nov 1, 2022
@claucece @jhoyla @bwesterb
crypto/tls: implement draft-ietf-tls-subcerts-10
cf7f104 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
bwesterb pushed a commit that referenced this pull request Dec 7, 2022
@claucece @jhoyla @bwesterb
crypto/tls: implement draft-ietf-tls-subcerts-10
94f99bd 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
Lekensteyn pushed a commit that referenced this pull request Jan 17, 2023
@claucece @jhoyla @Lekensteyn
crypto/tls: implement draft-ietf-tls-subcerts-10
f1691ca 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Lekensteyn pushed a commit that referenced this pull request Jan 17, 2023
@claucece @jhoyla @Lekensteyn
crypto/tls: implement draft-ietf-tls-subcerts-10
8b9ee58 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Lekensteyn pushed a commit that referenced this pull request Jan 19, 2023
@claucece @jhoyla @Lekensteyn
crypto/tls: implement draft-ietf-tls-subcerts-10
ccb8370 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
bwesterb pushed a commit that referenced this pull request Feb 15, 2023
@claucece @jhoyla @bwesterb
crypto/tls: implement draft-ietf-tls-subcerts-10
b26e4d3 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
bwesterb pushed a commit that referenced this pull request Mar 1, 2023
@claucece @jhoyla @bwesterb
crypto/tls: implement draft-ietf-tls-subcerts-10
837ca0c 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
bwesterb pushed a commit that referenced this pull request Mar 2, 2023
@claucece @jhoyla @bwesterb
crypto/tls: implement draft-ietf-tls-subcerts-10
19948d4 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Lekensteyn pushed a commit that referenced this pull request May 8, 2023
@claucece @jhoyla @Lekensteyn
crypto/tls: implement draft-ietf-tls-subcerts-10
ce38500 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Lekensteyn pushed a commit that referenced this pull request May 10, 2023
@claucece @jhoyla @Lekensteyn
crypto/tls: implement draft-ietf-tls-subcerts-10
c8f4a7e 
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cjpatton cjpatton cjpatton approved these changes

@Lekensteyn Lekensteyn Lekensteyn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jhoyla @Lekensteyn @cjpatton