Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: additional test certs #4378

Merged
merged 2 commits into from
Jan 26, 2024
Merged

test: additional test certs #4378

merged 2 commits into from
Jan 26, 2024

Conversation

jmayclin
Copy link
Contributor

@jmayclin jmayclin commented Jan 25, 2024
edited
Loading

Description of changes:

  1. Bug Fix: A previous version of this script forget to specify the signature_options when generating the intermediate cert
  2. Additional Hash Coverage: Generate more certs with less common hashes
  3. unique SAN with CA: This is necessary for a unit test covering s2n_config domain cert behavior

Testing:

Rebased my in-development unit tests on top of this as well as manual inspection using the openssl x509 utility.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jmayclin
test: new test certs
e5bad0a 
This commit fixes a previous issue with the signature in the rsae-pss
certs. It also adds more hash digest coverage.
@github-actions github-actions bot added the s2n-core team label Jan 25, 2024
@jmayclin jmayclin requested review from dougch and maddeleine January 25, 2024 17:35
@jmayclin jmayclin marked this pull request as ready for review January 25, 2024 17:35
maddeleine
maddeleine reviewed Jan 25, 2024
View reviewed changes
tests/pems/permutations/generate-certs.sh
@@ -168,6 +169,9 @@ then
cert-gen ec ecdsa 384 SHA256 ec_ecdsa_p384_sha256
cert-gen ec ecdsa 384 SHA384 ec_ecdsa_p384_sha384
cert-gen ec ecdsa 521 SHA384 ec_ecdsa_p521_sha384
cert-gen ec ecdsa 521 SHA512 ec_ecdsa_p521_sha512
cert-gen rsa pkcsv1.5 2048 SHA1 rsae_pkcs_2048_sha1
Copy link
Contributor

@maddeleine maddeleine Jan 25, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kind of a nit, we usually specify which pkcs padding is used in the filename. Otherwise pkcs doesn't really have much meaning on its own.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly the purpose of this is to iterate over the different NID's so pkvs vs pss is enough for my test purposes, but it sounds like a nice future item to add support for different pkcs padding choices.

@jmayclin jmayclin requested review from goatgoose and removed request for dougch January 25, 2024 20:37
goatgoose
goatgoose approved these changes Jan 25, 2024
View reviewed changes
tests/pems/san_with_ca/generate.sh Outdated Show resolved Hide resolved
@jmayclin
address pr feedback
455382c 
- fix intermediate CA typo
@jmayclin jmayclin enabled auto-merge (squash) January 25, 2024 23:28
@jmayclin jmayclin merged commit 02b7033 into aws:main Jan 26, 2024
31 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Jan 30, 2024
Merged
@jmayclin jmayclin deleted the additional-test-certs branch July 1, 2024 07:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maddeleine maddeleine maddeleine approved these changes

@goatgoose goatgoose goatgoose approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jmayclin @goatgoose @maddeleine