Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow fallback to pulling cert when checking private/public key consistency #435

Merged
merged 2 commits into from
Aug 26, 2024
Merged

Allow fallback to pulling cert when checking private/public key consistency #435

merged 2 commits into from
Aug 26, 2024

Conversation

simo5
Copy link
Member

@simo5 simo5 commented Aug 26, 2024
edited
Loading

Description

This behavior is needed to pass some openssl consistency checks with tokens that store the public key only in a cert object.

Fixes #430

Checklist

  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • [ ] Documentation updated

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • This feature/change has adequate documentation added
  • Code conform to coding style that today cannot yet be enforced via the check style test
  • Commits have short titles and sensible commit messages
  • Coverity Scan has run if needed (code PR) and no new defects were found

@simo5 simo5 requested a review from Jakuje August 26, 2024 16:10
Jakuje
Jakuje reviewed Aug 26, 2024
View reviewed changes
src/objects.c Outdated Show resolved Hide resolved
tests/tlssetkey.c Outdated Show resolved Hide resolved
tests/ttls Outdated Show resolved Hide resolved
@simo5 simo5 force-pushed the bug430 branch 2 times, most recently from 98f1b48 to d5ea0ce Compare August 26, 2024 16:31
@simo5
Copy link
Member Author

simo5 commented Aug 26, 2024

Ok added test with URIs for private key that has the corresponding pub key too, it cost us nothing after all.

@simo5 simo5 added the covscan Triggers Coverity Scanner label Aug 26, 2024
@github-actions github-actions bot removed the covscan Triggers Coverity Scanner label Aug 26, 2024
simo5 added 2 commits August 26, 2024 19:32
@simo5
Test token with EC Cert without public key
c70e83b 
Signed-off-by: Simo Sorce <simo@redhat.com>
@simo5
Fall back to check cert if no pub key is found
d0abeef 
This allows tokens, that store the public key only in certificates
without a public key object, to pass the openssl consistency check.

Fixes latchset#430

Signed-off-by: Simo Sorce <simo@redhat.com>
@simo5 simo5 added the covscan-ok Coverity scan passed label Aug 26, 2024
@simo5
Copy link
Member Author

simo5 commented Aug 26, 2024

@Jakuje given you told me (privately) that there were no makor issues with this PR, all test pass and cosvcan is happy, I am going to merge.

I need this in for my next PR.

@simo5 simo5 merged commit 7d8b369 into latchset:main Aug 26, 2024
41 checks passed
@simo5 simo5 mentioned this pull request Aug 27, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jakuje Jakuje Jakuje left review comments

Assignees
No one assigned
Labels
covscan-ok Coverity scan passed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fallback to fetching public key from certificate not always applied?
2 participants
@simo5 @Jakuje