Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Search whole chain looking for issuer match #1112

Merged
merged 2 commits into from
Jul 10, 2023
Merged

Search whole chain looking for issuer match #1112

merged 2 commits into from
Jul 10, 2023

Conversation

mhutchinson
Copy link
Contributor

@mhutchinson mhutchinson commented Jul 10, 2023
edited

This is a more thorough alternative to #1111 to solve #1096 as I understand the problem.

Where the chain is out of order, look through the whole chain to find a matching issuer cert. If we don't find one, then use the fallback logic that was already there for no issuer chain provided.

@mhutchinson mhutchinson requested a review from a team as a code owner July 10, 2023 09:30
@mhutchinson mhutchinson requested review from AlCutter and pphaneuf and removed request for a team July 10, 2023 09:30
@mhutchinson mhutchinson mentioned this pull request Jul 10, 2023
Closed
2 tasks
AlCutter
AlCutter approved these changes Jul 10, 2023
View reviewed changes
ctutil/sctcheck/sctcheck.go Show resolved Hide resolved
AlCutter
AlCutter approved these changes Jul 10, 2023
View reviewed changes
ctutil/sctcheck/sctcheck.go Show resolved Hide resolved
@mhutchinson mhutchinson merged commit 17fed18 into google:master Jul 10, 2023
4 checks passed
@mhutchinson mhutchinson deleted the fix1096 branch July 10, 2023 12:43
@AGWA
Copy link

AGWA commented Jul 13, 2023

This PR unfortunately doesn't work, as I describe here: 17fed18#r121525697

mhutchinson added a commit to mhutchinson/certificate-transparency-go that referenced this pull request Jul 14, 2023
@mhutchinson
Use proper check per @AGWA instead of buggy check introduced in googl…
dcd9d95 
…e#1112

The previous check always failed. This check ensures that the issuer is correct by confirming the signature of the cert.
mhutchinson added a commit that referenced this pull request Jul 14, 2023
@mhutchinson
Use proper check per @AGWA instead of buggy check introduced in #1112 (
af9e68d 
…#1114)

The previous check always failed. This check ensures that the issuer is correct by confirming the signature of the cert.
@mhutchinson
Copy link
Contributor Author

I've taken your fix and applied it in #1114. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roger2hk roger2hk roger2hk left review comments

@Shushangw Shushangw Shushangw left review comments

@AlCutter AlCutter AlCutter approved these changes

@pphaneuf pphaneuf Awaiting requested review from pphaneuf pphaneuf is a code owner automatically assigned from google/certificate-transparency

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@mhutchinson @AGWA @roger2hk @AlCutter @Shushangw