Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

win-ca: Fix importing CAs from system #6199

Merged
merged 1 commit into from
Dec 14, 2023
Merged

win-ca: Fix importing CAs from system #6199

merged 1 commit into from
Dec 14, 2023

Conversation

mook-as
Copy link
Contributor

@mook-as mook-as commented Dec 13, 2023

  • Use dotAll flag on the RE to find end of certificates
  • Emit any extra data at the end of the cert list (even though it is likely to be empty)

Fixes #6198

@mook-as
win-ca: Fix importing CAs from system
5bd909f 
- Use dotAll flag on the RE to find end of certificates
- Emit any extra data at the end of the cert list (even though it is likely
  to be empty)

Signed-off-by: Mark Yen <mark.yen@suse.com>
jandubois
jandubois approved these changes Dec 13, 2023
View reviewed changes
Copy link
Member

@jandubois jandubois left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't tested it, but the code change looks good. But I think only the dotAll flag is really necessary; I don't understand the point of emitting additional data at the end that isn't a well-formed cert. I expect it will either be ignored by the consumer, or throw an error there...

@mook-as
Copy link
Contributor Author

mook-as commented Dec 13, 2023

Yeah, only the dotAll is needed. Invalid certs just print a warning, but since there's a chance we missed something printing the rest still means we can potentially recover bits.

I should have based this on release-1.12 branch… ah well, cherry-pick it is.

@mook-as mook-as merged commit 38e966c into rancher-sandbox:main Dec 14, 2023
10 checks passed
@mook-as mook-as deleted the win32/ca-import branch December 14, 2023 00:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jandubois jandubois jandubois approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Windows CA certificates are not correctly imported
2 participants
@mook-as @jandubois