New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not allow sloppy keys. #142
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hannesm
reviewed
Jan 20, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks, I looked at commit f4dd7dc which this PR basically reverts (but keeping the test case).
psafont
force-pushed
the
noslop
branch
3 times, most recently
from
January 20, 2021 11:37
bed82d6
to
ebf3a8d
Compare
hannesm
reviewed
Jan 20, 2021
psafont
force-pushed
the
noslop
branch
2 times, most recently
from
January 20, 2021 13:09
664c32b
to
8fbc76d
Compare
psafont
force-pushed
the
noslop
branch
4 times, most recently
from
January 21, 2021 09:56
72f9fb1
to
c7fc310
Compare
hannesm
reviewed
Jan 21, 2021
psafont
force-pushed
the
noslop
branch
2 times, most recently
from
January 21, 2021 14:05
fb0bd23
to
9505e2f
Compare
They were not sloppy after all, and are accepted by mirage-crypto since 0.8.10 It reverts most of the changes in f4dd7dc while keeping the regression test and adding a new one. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
thanks, I force-pushed to trigger CI -- which now looks fine. |
avsm
pushed a commit
to ocaml/opam-repository
that referenced
this pull request
Apr 6, 2021
CHANGES: * FEATURE PKCS12 support (mirleft/ocaml-x509#114 by @hannesm) * FEATURE ECDSA and EDDSA support via mirage-crypto-ec (mirleft/ocaml-x509#145 by @hannesm) This breaks some clients since the Private_key.t and Public_key.t variants are extended (may result in partial pattern matches of users of this library). * CRL.is_revoked has `crls` as last parameter to avoid warning 16 (4.12 compatibility) (mirleft/ocaml-x509#144 by @hannesm) * Signing_request.sign: add optional labelled argument `~subject` to allow changing the subject when signing a signing request (mirleft/ocaml-x509#139 by @reynir) * BUGFIX Encoding of Distinguished_name components (adhere to specification) DomainComponent and EMail are now serialised using a IA5String; Serialnumber, CountryName and DnQualifier as PrintableString (reported in mirleft/ocaml-x509#69, fixed mirleft/ocaml-x509#140 by @NightBlues) * BREAKING Remove `~sloppy` from Private_key.decode_{pem,der}. The seemingly bad RSA keys were valid and should have been accepted by mirage-crypto. (mirleft/ocaml-x509#142 by @psafont)
actionshrimp
added a commit
to imandra-ai/ocaml-gcloud
that referenced
this pull request
Sep 17, 2021
From ocaml/opam-repository@cf51d08 : * BREAKING Remove `~sloppy` from Private_key.decode_{pem,der}. The seemingly bad RSA keys were valid and should have been accepted by mirage-crypto. (mirleft/ocaml-x509#142 by @psafont)
actionshrimp
added a commit
to imandra-ai/ocaml-gcloud
that referenced
this pull request
Sep 20, 2021
From ocaml/opam-repository@cf51d08 : * BREAKING Remove `~sloppy` from Private_key.decode_{pem,der}. The seemingly bad RSA keys were valid and should have been accepted by mirage-crypto. (mirleft/ocaml-x509#142 by @psafont)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
They were not sloppy after all, and should be accepted at mirage-crypto
level.
Depends on mirage/mirage-crypto#99