Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow outdated and cert chain bug fixes #109

Merged
merged 5 commits into from
Sep 23, 2024
Merged

Allow outdated and cert chain bug fixes #109

merged 5 commits into from
Sep 23, 2024

Conversation

elantiguamsft
Copy link
Contributor

@elantiguamsft elantiguamsft commented Sep 23, 2024
edited
Loading

Feature: Exposing the "AllowOutdated" option to the command line tool, which enables successful validation of COSE signatures with a certificate chain containing one or more expired nodes. This option has no effect if the signing certificate has the lifetime eku (1.3.6.1.4.1.311.10.3.13).

BugFix: The X509ChainTrustValidator now can use all of the certificates included in the x5t header of the COSE message when attempting to build a chain of trust from the signing certificate. Previously, the validator would only use the signing certificate and certificates already installed on machine.

@elantiguamsft elantiguamsft force-pushed the users/edwinlantigua/allowOutdated-cmd-option branch from bf49795 to fc6976f Compare September 23, 2024 22:10
@elantiguamsft elantiguamsft merged commit 1e9f3bc into main Sep 23, 2024
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoeBussell JoeBussell JoeBussell approved these changes

@lemccomb lemccomb Awaiting requested review from lemccomb

Assignees

@elantiguamsft elantiguamsft

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@elantiguamsft @JoeBussell @actions-user