Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow "required if present" EKUs #229

Merged
merged 4 commits into from
Feb 12, 2024
Merged

Allow "required if present" EKUs #229

merged 4 commits into from
Feb 12, 2024

Conversation

jasperpatterson
Copy link
Contributor

I noticed there isn't currently a pub function to use ExtendedKeyUsage::RequiredIfPresent. Unsure if there was a reason for this, or whether it was just missed?

djc
djc approved these changes Feb 7, 2024
View reviewed changes
Copy link
Member

@djc djc left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense!

Would be curious to hear more about your use cases!

src/verify_cert.rs Show resolved Hide resolved
@codecov Codecov
Copy link

codecov bot commented Feb 7, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (4689881) 97.13% compared to head (eb24f3f) 97.14%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #229   +/-   ##
=======================================
  Coverage   97.13%   97.14%           
=======================================
  Files          19       19           
  Lines        4333     4336    +3     
=======================================
+ Hits         4209     4212    +3     
  Misses        124      124

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@jasperpatterson
Copy link
Contributor Author

Would be curious to hear more about your use cases!

Using a root certificate in my control to (exclusively) issue code signing certificates. Given the entire purpose of the root is for code signing, I don't really care about the "code signing" EKU on individual certs, but might as well check for it if EKUs are present.

cpu
cpu reviewed Feb 7, 2024
View reviewed changes
src/verify_cert.rs Show resolved Hide resolved
cpu
cpu approved these changes Feb 10, 2024
View reviewed changes
Copy link
Member

@cpu cpu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, LGTM.

@cpu
Copy link
Member

cpu commented Feb 12, 2024

@ctz Any interest in reviewing this one or should we merge?

@ctz ctz added this pull request to the merge queue Feb 12, 2024
Merged via the queue into rustls:main with commit a35e26d Feb 12, 2024
30 checks passed
@cpu cpu mentioned this pull request Apr 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ctz ctz ctz approved these changes

@cpu cpu cpu approved these changes

@djc djc djc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jasperpatterson @cpu @djc @ctz