-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DC tests don't validate certificates #130
Comments
This was fixed in the kemtls branch. There was also another bug that was also fixed on that branch (I can't remember it anymore as it was a year ago). I also changed the API to something way nicer there, so that is def the code to use. It never got merged due to the debate of if kemtls should be in the main branch or not. |
I'll take a look tomorrow and compare the code.. and let you know if there is a bug that needs solving in main branch. |
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
* Define API for delegated credentials so they are fetched using the same mechanisms used to fetch certificates * Allow the usage of other keyUsage when checking for the dc extension. Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131. Add tool for generating delegated credentials. Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
In
delegated_credentials_test.go
TestDCHandshakeServerAuth
setsclientConfig.InsecureSkipVerify = true
. Because of how golang handles global state this is propagated to all later tests. This leads to test failures if the tests are run in a different order or individually.This means that even if you put bit flips into the test certificate signatures the tests will still pass.
The text was updated successfully, but these errors were encountered: