Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

simplify fingerprint validation and authentication: pass a single fingerprint #153

Merged
merged 2 commits into from
Sep 27, 2021
Merged

simplify fingerprint validation and authentication: pass a single fingerprint #153

merged 2 commits into from
Sep 27, 2021

Conversation

hannesm
Copy link
Member

@hannesm hannesm commented Sep 27, 2021

Previously a list of name and fingerprint was passed, which was not used at all.
In practice, a single fingerprint is sufficient. With this change, providing the
fingerprint of a certificate that is valid for certain IP addresses will work
nicely (similar to what #152 does for chain of trust).

//cc @reynir

@hannesm
simplify fingerprint validation and authentication: pass a single fin…
5ec6801 
…gerprint

Previously a list of name and fingerprint was passed, which was not used at all.
In practice, a single fingerprint is sufficient. With this change, providing the
fingerprint of a certificate that is valid for certain IP addresses will work
nicely (similar to what mirleft#152 does for chain of trust).
@hannesm
Revise Authenticator.t to include an optional IP address
d64c007
@hannesm hannesm merged commit ced6822 into mirleft:main Sep 27, 2021
hannesm added a commit to hannesm/opam-repository that referenced this pull request Sep 27, 2021
@hannesm
[new release] x509 (0.15.0)
b57350c 
CHANGES:

* FEATURE support validation of an IP address in the leaf certificate
  (mirleft/ocaml-x509#152 mirleft/ocaml-x509#153 @reynir @hannesm)
* FEATURE provide Certificate.ips and Certificate.supports_ip
  (mirleft/ocaml-x509#152 @reynir @hannesm)
* BREAKING revise certificate and public key fingerprint authenticators API:
  now a single fingerprint is supported, previously a list of pairs of
  hostname and fingerprint was used (mirleft/ocaml-x509#153 @hannesm)
* BREAKING The Authenticator.t type has been extended with ?ip:Ipaddr.t
  (mirleft/ocaml-x509#153 @hannesm)
@hannesm hannesm mentioned this pull request Sep 27, 2021
Merged
@hannesm hannesm deleted the fingerprint branch September 27, 2021 12:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@hannesm