Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check TEE quotes in X.509 certificates #1861

Closed
ipetr0v opened this issue Feb 2, 2021 · 0 comments · Fixed by #1893
Closed

Check TEE quotes in X.509 certificates #1861

ipetr0v opened this issue Feb 2, 2021 · 0 comments · Fixed by #1893
Assignees
@ipetr0v
Labels
lang/Rust P2

Comments

@ipetr0v
Copy link
Contributor

ipetr0v commented Feb 2, 2021

After finishing #1860 we need to implement the ability to analyze X.509 certificates and specifically check that TEE quotes (saved as an extension) are correct.

Note: it looks like tonic doesn't provide functions for analyzing server certificates. There is a peer_certs function, but it only intercepts certificates sent in the requests, so it doesn't allow to get server certificates.
@ipetr0v ipetr0v self-assigned this Feb 2, 2021
@ipetr0v ipetr0v mentioned this issue Feb 4, 2021
Merged
@ipetr0v ipetr0v assigned ipetr0v and unassigned ipetr0v Feb 18, 2021
@ipetr0v ipetr0v mentioned this issue Feb 24, 2021
Merged
ipetr0v added a commit that referenced this issue Mar 3, 2021
@ipetr0v
Add Rust Proxy Attestation client (#1893)
66efcdb 
This commit adds a Proxy Attestation client with a custom TLS certificate verifier, that checks TEE quotes in X.509 TEE extensions.

Fixes #1861
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ipetr0v ipetr0v

Labels
lang/Rust P2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Rust Proxy Attestation client ipetr0v/oak
1 participant
@ipetr0v