fix: correct validation of OCSP signature #1863
mauricefisher64 wants to merge 10 commits into main from
…sp_sig # Conflicts: # sdk/src/crypto/cose/certificate_trust_policy.rs # sdk/src/crypto/cose/ocsp.rs # sdk/src/crypto/raw_signature/openssl/validators/mod.rs # sdk/src/crypto/raw_signature/rust_native/validators/mod.rs
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #1863 +/- ##
==========================================
- Coverage 76.53% 76.44% -0.10%
==========================================
Files 171 171
Lines 39633 39788 +155
==========================================
+ Hits 30334 30415 +81
- Misses 9299 9373 +74
Merging this PR will improve performance by 81.13%
| .await | ||
| }; | ||
|
|
||
| // we only care about OCSP value log info the result is OK |
| // we only care about OCSP value log info the result is OK | |
| // we only care about OCSP value log info if the result is OK |
I think that's how I understand it?
| }, | ||
| }; | ||
|
|
||
| const TIMESTAMP_OID_STR: &str = "1.3.6.1.5.5.7.3.8"; |
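Review bot: The `TIMESTAMP_OID_STR` constant has no comment saying which OID it is. 1.3.6.1.5.5.7.3.8 is the id-kp-timeStamping extended key usage from RFC 5280, and a one-line doc comment stating that would make the EKU check easier to audit. If this dotted string is matched against EKU OIDs rendered to text, a typed OID value would avoid depending on the text encoding of the certificate's OIDs.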
Maybe we can define this like the other oids using the oid! macro and then use ::as_bytes when adding it to the ctp?
Changes in this pull request
Fix selecting the incorrect handler for RSA signatures
Enforce explicit EKUs for timestamp and OCSP certificates
Check OCSP certs against trust list
Correctly ignore OCSP responses that have errors (these are a noop)
Checklist
TO DO items (or similar) have been entered as GitHub issues and the link to that issue has been included in a comment.