This patch adds cades support for openssl #7611
Thank you for contributing to OpenSSL, @opensignature. Without having looked too much into the details, it is my strong belief that in this part of your pull request you are implementing a feature which should be implemented in a reusable fashion in libcrypto and made available by introducing an API call. The purpose of the command line application is to make the functionality in libcrypto and libssl available on the command line, not to implement new features by itself.
Also, it would be good if you could find out whether your editor is able to visualize whitespace errors, for example trailing spaces or tabs instead of spaces. (Note: the git diff command will highlight trailing spaces).
Also, it is not clear to me how much of the 141 pages of RFC5126 your pull request in fact implements. Please give the necessary references, because our policy mandates that we only add cryptographic algorithms which are covered by some official standard. Also, adding new features - in particular API changes - requires adding the corresponding documentation (updating the manual pages, etc.).
Finally, the legal part: Every nontrivial contribution requires that the contributor fills out and signs a contributor license agreement. For details, please see https://www.openssl.org/policies/cla.html.
Thanks, I will provide soon
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other specifications, a collection of mandatory signed attributes, among these the ESS signing-certificate or ESS signing-certificate-v2.
I see you have opened PR #206 ;)
These methods should be renamed to respect current conventions:
it is a large project ;)
ok thanks, I will follow your advice :)
Some feedback/nits.
Close/reopen to kick CLA bot.
Please update all commits so that the author email matches that on the CLA that you registered. Without that the CLA bot will continue to complain.
Let's wait for @opensignature's reaction. If we teach him how to do it himself, we might manage to attract a regular contributor for the future... :-)
Thanks for the compliments. Unfortunately I don't have the time to excavate and edit those guides. So feel encouraged to 'steal' them and place them into the Wiki. (No need to mention my authorship, it's all from Scott Chacon's book anyway.)
ok, in fact there is a bit of disorder.
I’ll write it up for you, but I can’t promise it for today, and tomorrow I’m out of office. Please have a little patience.
Don't worry. I'm not in a hurry :)
I do suggest to have
@YuryStrozhevsky thank you very much for your comment. It looks like you have experience with CAdES? If yes, it would be highly appreciated if you could take a deeper look at @opensignature's pull request and provide more technical feedback.
@opensignature I will help you with the first step and untangle the merge commits and rebase your branch. This is a little bit more tricky than usual due to the version number change, so it is not a good starting point to learn. The second step will be to reorganize the commits, which you will do with my help. I will need a little bit more time for preparing everything. Until then, you can start by reading my initial draft for a TUTORIAL which is intended for novice Git[Hub] users. (Thanks to @FdaSilvaYY for animating me to do a general writeup.) (Edit: the tutorial was moved from master to a feature branch)
@mspncp Yes, I have an expertise in CAdES. And I have already done some work on the pull request. But anyway I will continue with the inspection. From the first time all looks more or less good.
I agree with Yury and also suggest to have a SigningCertificateV2 attribute to be a default attribute.
The pull requests mspncp#4 mspncp#5 and mspncp#6 show the different stages of the transformation of your original pull request.
Note that the branches
Alternatively, you can verify it from the following output, which shows
TO BE CONTINUED...
Summary
Since you are adding a completely new feature, it makes sense to add it as a single large commit with a nice explaining commit message. Because when the new feature is ready and merged to master, nobody actually wants to see a complete history anymore of how the new feature was conceived and implemented over the time, with all the errors and corrections (mspncp#5). It is much nicer to get the final result with a nice explanation (mspncp#6). That's what "rewriting the history" in git is all about. TO BE CONTINUED... (Note: My commit message in mspncp#6 is just an example which I sketched and which should only give you an idea what the pull request can look like. (It might even be technically wrong or incomplete.))
Of course it is equally justified to split it into a small number of separate commits which split the work into logical parts, with explaining commit messages. But no history, no error fixups in the final commit.
There is one caveat: rewriting the history (with interactive rebasing and squashing) is a valid method as long as your pull request is still in the work-in-progress state. (Contributors add "WIP: " to the pr title to indicate that it's work-in-progress). When the final review process has started, you should avoid actions that change existing commits (amending, rebasing, squashing) and only push additional fixups, unless the reviewer tells you otherwise.
Homework Exercise: try to get the three branches
Homework 2: commit 10c3ece lists me as author, which is obviously fake news. You can change the author of a commit retrospectively using
Ok @opensignature, enough for today. I hope I did not bury you with information. I'd be happy to hear some feedback from you. My favorite choice would be if you would fetch the
Homework Exercise done :-)
Note: In case you wonder why
Conflicts: util/libcrypto.num
Now add-cades is synchronized with upstream. How can I fetch your add-cades-support-squashed into add-cades?
The intended proceeding is not that you repeat the steps I did to rebase, but to abandon this pull request and open a new pull request using
You don't need to keep my branch name, you can just
I don't recommend to keep this pull request, because it uses your
ok done PR 7893
Closing in favor of #7893.
@FdaSilvaYY did you save any of these links you mentioned? If yes, could you send me the links via e-mail? I'd be happy to have them, because I plan to do some documentation.