Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DC tests don't validate certificates #130

Open
jhoyla opened this issue Aug 16, 2022 · 2 comments
Open

DC tests don't validate certificates #130

jhoyla opened this issue Aug 16, 2022 · 2 comments

Comments

@jhoyla
Copy link
Contributor

jhoyla commented Aug 16, 2022

In delegated_credentials_test.go TestDCHandshakeServerAuth sets clientConfig.InsecureSkipVerify = true. Because of how golang handles global state this is propagated to all later tests. This leads to test failures if the tests are run in a different order or individually.
This means that even if you put bit flips into the test certificate signatures the tests will still pass.

jhoyla added a commit that referenced this issue Aug 17, 2022
Add tool for generating delegated credentials.
jhoyla added a commit that referenced this issue Aug 17, 2022
Addresses issues #127, #128, #129, and #130.
Add tool for generating delegated credentials.
@claucece
Copy link
Contributor

This was fixed in the kemtls branch. There was also another bug that was also fixed on that branch (I can't remember it anymore as it was a year ago). I also changed the API to something way nicer there, so that is def the code to use. It never got merged due to the debate of if kemtls should be in the main branch or not.

@claucece
Copy link
Contributor

I'll take a look tomorrow and compare the code.. and let you know if there is a bug that needs solving in main branch.

bwesterb pushed a commit that referenced this issue Sep 7, 2022
Addresses issues #127, #128, #129, and #130.
Add tool for generating delegated credentials.
bwesterb pushed a commit that referenced this issue Sep 8, 2022
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
bwesterb pushed a commit that referenced this issue Oct 5, 2022
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
bwesterb pushed a commit that referenced this issue Nov 1, 2022
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
bwesterb pushed a commit that referenced this issue Dec 7, 2022
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: jhoyla <jhoyla@users.noreply.github.com>
Lekensteyn pushed a commit that referenced this issue Jan 17, 2023
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Lekensteyn pushed a commit that referenced this issue Jan 17, 2023
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Lekensteyn pushed a commit that referenced this issue Jan 19, 2023
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
bwesterb pushed a commit that referenced this issue Feb 15, 2023
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
bwesterb pushed a commit that referenced this issue Mar 1, 2023
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
bwesterb pushed a commit that referenced this issue Mar 2, 2023
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Lekensteyn pushed a commit that referenced this issue May 8, 2023
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Lekensteyn pushed a commit that referenced this issue May 10, 2023
* Define API for delegated credentials so they are fetched using the
  same mechanisms used to fetch certificates
* Allow the usage of other keyUsage when checking for the dc extension.

Fixes issues in earlier patch, addressing #127, #128, #129, #130, and #131.
Add tool for generating delegated credentials.

Co-authored-by: Jonathan Hoyland <jhoyland@cloudflare.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants