Add CRL lookup callback #3501
Closed
goatgoose force-pushed the crl-lookup2 branch 3 times, most recently from 4e614e8 to 8525a9b (September 22, 2022 22:19)
commit 295194f Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 12:00:58 2022 -0400 Add wrapper structs for X509/X509_CRL commit 49c3345 Merge: 5347cfa 7f8a951 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 10:30:24 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit 5347cfa Merge: b9aa377 f2ef307 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 27 18:47:04 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit b9aa377 Merge: fd87c6c e6e8b6a Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 27 12:03:34 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit fd87c6c Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 19:01:06 2022 -0400 EXPECT_TRUE -> EXPECT_EQUAL commit 876a33b Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 18:59:55 2022 -0400 CERT_CHAIN_PROCESSED -> READY_TO_VERIFY commit 2b5f26e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 18:52:31 2022 -0400 add comment for processing leaf certificate extensions commit 5d07513 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 16:26:35 2022 -0400 fixes commit 8043a37 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 13:48:17 2022 -0400 check for INIT state in s2n_x509_validator_read_cert_chain commit 5f7443e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 11:07:51 2022 -0400 fixes commit a9c024e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 11:00:00 2022 -0400 refactor validate_cert_chain into functions per state commit 567385d Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 20 16:27:12 2022 -0400 prepend s2n_x509_validator commit bb86ad4 Author: Sam Clark 
<3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 20 14:42:53 2022 -0400 check for S2N_PKEY_TYPE_UNKNOWN on error commit c9870a6 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Sep 16 11:39:08 2022 -0400 don't check for pkey_type on error in x509_validator tests commit 665a692 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu Sep 15 11:05:13 2022 -0400 Refactor s2n_x509_validator_validate_cert_chain to support async callback
goatgoose force-pushed the crl-lookup2 branch 3 times, most recently from 9a3337d to 87291a8 (September 28, 2022 17:00)
goatgoose force-pushed the crl-lookup2 branch from 87291a8 to d9025af (September 28, 2022 17:58)
goatgoose force-pushed the crl-lookup2 branch from d9025af to 468f70e (September 28, 2022 18:06)
goatgoose force-pushed the crl-lookup2 branch 3 times, most recently from 2a25e05 to c08dd6a (September 28, 2022 19:08)
commit c08dd6a Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 15:03:15 2022 -0400 fixes commit b18a116 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 14:31:45 2022 -0400 remove unnecessary CRL timestamp errors commit 7dc1a42 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 14:09:49 2022 -0400 crl_for_cert -> crl_lookup commit 011a51b Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 14:04:02 2022 -0400 fixes commit 092384e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 14:06:04 2022 -0400 Squashed commit of the following: commit 6e27724 Merge: 768e061 07e62a4 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 12:55:21 2022 -0400 Merge branch 'crl-lookup2' into crl-lookup3 commit 768e061 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 12:15:43 2022 -0400 Squashed commit of the following: commit 295194f Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 12:00:58 2022 -0400 Add wrapper structs for X509/X509_CRL commit 49c3345 Merge: 5347cfa 7f8a951 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 10:30:24 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit 5347cfa Merge: b9aa377 f2ef307 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 27 18:47:04 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit b9aa377 Merge: fd87c6c e6e8b6a Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 27 12:03:34 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit fd87c6c Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 19:01:06 2022 -0400 EXPECT_TRUE -> EXPECT_EQUAL commit 876a33b Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 18:59:55 2022 
-0400 CERT_CHAIN_PROCESSED -> READY_TO_VERIFY commit 2b5f26e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 18:52:31 2022 -0400 add comment for processing leaf certificate extensions commit 5d07513 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 16:26:35 2022 -0400 fixes commit 8043a37 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 13:48:17 2022 -0400 check for INIT state in s2n_x509_validator_read_cert_chain commit 5f7443e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 11:07:51 2022 -0400 fixes commit a9c024e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 11:00:00 2022 -0400 refactor validate_cert_chain into functions per state commit 567385d Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 20 16:27:12 2022 -0400 prepend s2n_x509_validator commit bb86ad4 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 20 14:42:53 2022 -0400 check for S2N_PKEY_TYPE_UNKNOWN on error commit c9870a6 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Sep 16 11:39:08 2022 -0400 don't check for pkey_type on error in x509_validator tests commit 665a692 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu Sep 15 11:05:13 2022 -0400 Refactor s2n_x509_validator_validate_cert_chain to support async callback commit 07e62a4 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 27 18:46:01 2022 -0400 add new api definitions to bindgen test list commit 05fcf2f Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 16:42:11 2022 -0400 fixes commit 59b8533 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 20 10:48:18 2022 -0400 cppcheck commit 881821e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 11:59:03 2022 -0400 Squashed commit 
of the following: commit f683d96 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Mon Sep 19 11:01:23 2022 -0400 more tests commit 3f5b677 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Sun Sep 18 19:21:13 2022 -0400 get crl/cert issuer hash commit add1654 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Sep 16 11:12:04 2022 -0400 account for 4 additional pointers in s2n_connection_test commit 7d7fe48 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Sep 16 10:52:48 2022 -0400 fix memory commit d757f16 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Sep 16 01:37:19 2022 -0400 previous tests passing commit c9870a6 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Sep 16 11:39:08 2022 -0400 don't check for pkey_type on error in x509_validator tests commit 665a692 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu Sep 15 11:05:13 2022 -0400 Refactor s2n_x509_validator_validate_cert_chain to support async callback commit 33a74ef Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 11:49:59 2022 -0400 Add wrapper structs for X509/X509_CRL commit 49c3345 Merge: 5347cfa 7f8a951 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 10:30:24 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit 5347cfa Merge: b9aa377 f2ef307 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 27 18:47:04 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit b9aa377 Merge: fd87c6c e6e8b6a Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 27 12:03:34 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit fd87c6c Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 19:01:06 2022 -0400 EXPECT_TRUE -> EXPECT_EQUAL commit 876a33b Author: Sam Clark 
<3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 18:59:55 2022 -0400 CERT_CHAIN_PROCESSED -> READY_TO_VERIFY commit 2b5f26e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 18:52:31 2022 -0400 add comment for processing leaf certificate extensions commit 5d07513 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 16:26:35 2022 -0400 fixes commit 8043a37 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 13:48:17 2022 -0400 check for INIT state in s2n_x509_validator_read_cert_chain commit 5f7443e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 11:07:51 2022 -0400 fixes commit a9c024e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 11:00:00 2022 -0400 refactor validate_cert_chain into functions per state commit 567385d Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 20 16:27:12 2022 -0400 prepend s2n_x509_validator commit bb86ad4 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 20 14:42:53 2022 -0400 check for S2N_PKEY_TYPE_UNKNOWN on error commit c9870a6 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Sep 16 11:39:08 2022 -0400 don't check for pkey_type on error in x509_validator tests commit 665a692 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu Sep 15 11:05:13 2022 -0400 Refactor s2n_x509_validator_validate_cert_chain to support async callback commit 3937b07 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 14:20:34 2022 -0400 update aws-verification-model-for-libcrypto to latest commit commit 63fd891 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 14:04:30 2022 -0400 fixes commit ba33741 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 13:55:38 2022 -0400 add new structs to bindgen test list commit 
768e061 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 12:15:43 2022 -0400 Squashed commit of the following: commit 295194f Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 12:00:58 2022 -0400 Add wrapper structs for X509/X509_CRL commit 49c3345 Merge: 5347cfa 7f8a951 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 28 10:30:24 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit 5347cfa Merge: b9aa377 f2ef307 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 27 18:47:04 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit b9aa377 Merge: fd87c6c e6e8b6a Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 27 12:03:34 2022 -0400 Merge branch 'main' into refactor-x509-validate-async commit fd87c6c Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 19:01:06 2022 -0400 EXPECT_TRUE -> EXPECT_EQUAL commit 876a33b Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 18:59:55 2022 -0400 CERT_CHAIN_PROCESSED -> READY_TO_VERIFY commit 2b5f26e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 18:52:31 2022 -0400 add comment for processing leaf certificate extensions commit 5d07513 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 16:26:35 2022 -0400 fixes commit 8043a37 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 13:48:17 2022 -0400 check for INIT state in s2n_x509_validator_read_cert_chain commit 5f7443e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 11:07:51 2022 -0400 fixes commit a9c024e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Wed Sep 21 11:00:00 2022 -0400 refactor validate_cert_chain into functions per state commit 567385d Author: Sam Clark 
<3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 20 16:27:12 2022 -0400 prepend s2n_x509_validator commit bb86ad4 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Sep 20 14:42:53 2022 -0400 check for S2N_PKEY_TYPE_UNKNOWN on error commit c9870a6 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Sep 16 11:39:08 2022 -0400 don't check for pkey_type on error in x509_validator tests commit 665a692 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu Sep 15 11:05:13 2022 -0400 Refactor s2n_x509_validator_validate_cert_chain to support async callback
goatgoose force-pushed the crl-lookup2 branch from c08dd6a to 373745b (September 28, 2022 22:55)
Too many force pushes. Moving to #3546.
Resolved issues:
Part of #3499

Description of changes:
This PR adds a new async callback, s2n_crl_lookup, that's triggered in s2n_x509_validator_validate_cert_chain. This callback is triggered once for each received certificate to retrieve all of the required CRLs needed to perform CRL validation. These CRLs are passed to the libcrypto, and a CRL validation check is performed in the existing call to X509_verify_cert.

Call-outs:
- No public API was added to set this callback. This, as well as public API documentation, will be added in a future PR, when the CRL feature is finished.
- The max_connection_size was increased from 4150 to 4182. This is to account for 4 additional pointers added to s2n_connection:
  - crl_lookup
  - data_for_crl_for_cert
  - crl_stack in s2n_x509_validator
  - crl_for_cert_contexts in s2n_x509_validator

Testing:
How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?
s2n_x509_validator_test that test this callback and related helper functions.

Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
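
A simplified C model of the flow the description outlines, added here as an illustration and not taken from the PR or from s2n-tls: the lookup callback fires once per received certificate, validation stays blocked until every lookup has been answered, and only then does the revocation check run. All type and function names are hypothetical, the check the PR leaves to X509_verify_cert is replaced by a plain serial-number scan, and treating a missing CRL as a failure is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Model only: every name here is hypothetical, not the s2n-tls API. */
enum lookup_status { LOOKUP_PENDING, LOOKUP_FOUND, LOOKUP_NONE };
enum result { VALID, BLOCKED, REVOKED, NO_CRL };
struct cert { uint32_t issuer_hash, serial; };
struct crl { uint32_t issuer_hash; const uint32_t *revoked; size_t n_revoked; };
/* One lookup context per received certificate, answered by the application. */
struct lookup { const struct cert *cert; const struct crl *crl; enum lookup_status status; int invoked; };
typedef void (*crl_lookup_fn)(struct lookup *l, void *data);

enum result validate_chain(const struct cert *chain, struct lookup *ls, size_t n,
                           crl_lookup_fn cb, void *data)
{
    for (size_t i = 0; i < n; i++) {      /* callback fires once per certificate */
        if (ls[i].invoked) continue;
        ls[i] = (struct lookup){ &chain[i], NULL, LOOKUP_PENDING, 1 };
        cb(&ls[i], data);
    }
    for (size_t i = 0; i < n; i++)        /* stay blocked until all are answered */
        if (ls[i].status == LOOKUP_PENDING) return BLOCKED;
    for (size_t i = 0; i < n; i++) {      /* stand-in for the libcrypto CRL check */
        const struct crl *c = ls[i].crl;
        if (ls[i].status != LOOKUP_FOUND || !c || c->issuer_hash != chain[i].issuer_hash)
            return NO_CRL;                /* assumption: fail closed without a CRL */
        for (size_t j = 0; j < c->n_revoked; j++)
            if (c->revoked[j] == chain[i].serial) return REVOKED;
    }
    return VALID;
}

/* Constructed sample data: the intermediate CA's CRL revokes serial 7. */
static const uint32_t revoked_by_ca[] = { 7 };
static const struct crl ca_crl = { 0xA1, revoked_by_ca, 1 };
static const struct crl root_crl = { 0xB2, NULL, 0 };

/* Sample callback: answers the root-issued cert at once, defers the other. */
static void sample_lookup(struct lookup *l, void *data)
{
    (void)data;
    if (l->cert->issuer_hash == 0xB2) { l->crl = &root_crl; l->status = LOOKUP_FOUND; }
}

/* Runs the flow for a leaf serial: returns first result * 10 + final result. */
int demo(uint32_t leaf_serial)
{
    struct cert chain[2] = { { 0xA1, leaf_serial }, { 0xB2, 2 } };
    struct lookup ls[2] = { 0 };
    enum result first = validate_chain(chain, ls, 2, sample_lookup, NULL);
    ls[0].crl = &ca_crl; ls[0].status = LOOKUP_FOUND;   /* deferred answer arrives */
    return (int)first * 10 + (int)validate_chain(chain, ls, 2, sample_lookup, NULL);
}
int main(void) { return demo(7) == 12 && demo(5) == 10 ? 0 : 1; }
```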