Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exclude certificates with BitLocker/EFS EKU #4

Closed
vuori opened this issue Feb 16, 2020 · 1 comment
Closed

Exclude certificates with BitLocker/EFS EKU #4

vuori opened this issue Feb 16, 2020 · 1 comment
Assignees
@buptczq
Labels
enhancement New feature or request

Comments

@vuori
Copy link

vuori commented Feb 16, 2020

Certs used for disk encryption are usually not used for SSH, so I think filtering out ones that only have the BitLocker Drive Encryption (1.3.6.1.4.1.311.67.1.1) and/or Encrypting File System (1.3.6.1.4.1.311.10.3.4) EKU would make sense.

I can look into this if it sounds reasonable.

I guess the stricter alternative would be to accept only certs that have no EKU at all or include the Client Authentication (1.3.6.1.5.5.7.3.2) EKU.
@buptczq buptczq self-assigned this Feb 16, 2020
@buptczq buptczq added the enhancement New feature or request label Feb 16, 2020
@buptczq
Copy link
Owner

buptczq commented Feb 17, 2020

This feature has been added in v1.0.3.

@buptczq buptczq closed this as completed Feb 17, 2020
@dschaper dschaper mentioned this issue Mar 13, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@buptczq buptczq

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vuori @buptczq