Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows certificate store improvements #6042

Merged
merged 3 commits into from
Oct 25, 2024
Merged

Windows certificate store improvements #6042

merged 3 commits into from
Oct 25, 2024

Conversation

neilalexander
Copy link
Member

This PR:

  • Removes some magic numbers from the certstore code in favour of constants already defined in x/sys/windows
  • Adds the thumbprint option to cert_match_by by allowing matching a specific certificate my SHA1 thumbprint rather than possibly matching multiple certificates by name
  • Adds the cert_match_skip_invalid option by integrating & rebasing a community PR along with some fix-ups

Fixes #6024
Fixes #4383
Closes #4384

Signed-off-by: Neil Twigg neil@nats.io

neilalexander and others added 3 commits October 25, 2024 11:24
@neilalexander
Certstore: Use constants from x/sys/windows
9233358 
Many of these are already defined so we don't need such a long
list of magic numbers.

Signed-off-by: Neil Twigg <neil@nats.io>
@neilalexander
Certstore: Add ability to cert_match_by with thumbprint
21ad69a 
Input value should be hex-encoded string of the SHA1 thumbprint.

See: #6024

Signed-off-by: Neil Twigg <neil@nats.io>
@neilalexander
Certstore: Added cert_match_skip_invalid option
8fec9e3 
Replaces #4384.

Co-authored-by: Daniel Modler <modler@linkbit.io>
Co-authored-by: Neil Twigg <neil@nats.io>
Signed-off-by: Neil Twigg <neil@nats.io>
@neilalexander neilalexander marked this pull request as ready for review October 25, 2024 15:20
@neilalexander neilalexander requested a review from a team as a code owner October 25, 2024 15:20
derekcollison
derekcollison approved these changes Oct 25, 2024
View reviewed changes
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@derekcollison derekcollison merged commit 899d4cf into main Oct 25, 2024
5 checks passed
@derekcollison derekcollison deleted the neil/wincrypt branch October 25, 2024 19:40
@neilalexander neilalexander mentioned this pull request Oct 28, 2024
Merged
derekcollison added a commit that referenced this pull request Oct 28, 2024
@derekcollison
Fix matching by thumbprint in the Windows certificate store (#6047)
03f504d 
Fixes a bug in #6042 where the `thumbprint` would never match, as we
were passing in a hex-decoded form instead of the actual string value.

Signed-off-by: Neil Twigg <neil@nats.io>
@neilalexander neilalexander mentioned this pull request Oct 29, 2024
Merged
neilalexander added a commit that referenced this pull request Oct 29, 2024
@neilalexander
Cherry-picks for 2.10.23-RC.1 (#6054)
8f6dd32 
Includes the following:

- #5115
- #6019
- #6039
- #6034
- #6043
- #6042
- #6047
- #6049
- #6050 
- #6052
- #6053

Signed-off-by: Neil Twigg <neil@nats.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derekcollison derekcollison derekcollison approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@neilalexander @derekcollison