OriginRSA and OriginECC are flipped? #72

ckwalsh · 2022-11-02T08:01:27Z

Take a look at

origin-ca-issuer/pkgs/provisioners/origin.go

Lines 108 to 111 in 39d567a

    
           case v1.RequestTypeOriginECC: 
        
           	reqType = "origin-rsa" 
        
           case v1.RequestTypeOriginRSA: 
        
           	reqType = "origin-ecc"

I just installed origin-ca-issuer (it works great!), but I noticed I got a SHA256-RSA signature when using the OriginIssuer example from the README, which sets requestType: OriginECC.

Conversely, when I updated it to requestType: OriginRSA and forced a certificate to be reissued, I got a ECDSA-SHA256 signature.

The text was updated successfully, but these errors were encountered:

terinjokes · 2022-11-02T17:04:09Z

Well, that's ackward. This area was refectored as part of open sourcing, so I'll have to check pre-history to understand what went wrong. I suspect a bad merge somehow happened.

The requested certificate type was backwards, so requesting an RSA signature resulted in an ECC signature from the Origin CA API and vice-versa. This changeset corrects the requested signature type, and adds tests to verify the provisioner's behaviors. Fixes #72

terinjokes mentioned this issue Nov 22, 2022

fix(provisioners): request correct signing type #75

Merged

terinjokes closed this as completed in ca05b86 Nov 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OriginRSA and OriginECC are flipped? #72

OriginRSA and OriginECC are flipped? #72

ckwalsh commented Nov 2, 2022

terinjokes commented Nov 2, 2022

OriginRSA and OriginECC are flipped? #72

OriginRSA and OriginECC are flipped? #72

Comments

ckwalsh commented Nov 2, 2022

terinjokes commented Nov 2, 2022