Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows certificate store improvements #6042

Merged
merged 3 commits into from
Oct 25, 2024
Merged

Windows certificate store improvements #6042

merged 3 commits into from
Oct 25, 2024

Conversation

neilalexander
Copy link
Member

This PR:

  • Removes some magic numbers from the certstore code in favour of constants already defined in x/sys/windows
  • Adds the thumbprint option to cert_match_by by allowing matching a specific certificate my SHA1 thumbprint rather than possibly matching multiple certificates by name
  • Adds the cert_match_skip_invalid option by integrating & rebasing a community PR along with some fix-ups

Fixes #6024
Fixes #4383
Closes #4384

Signed-off-by: Neil Twigg neil@nats.io

neilalexander and others added 3 commits October 25, 2024 11:24
Many of these are already defined so we don't need such a long
list of magic numbers.

Signed-off-by: Neil Twigg <neil@nats.io>
Input value should be hex-encoded string of the SHA1 thumbprint.

See: #6024

Signed-off-by: Neil Twigg <neil@nats.io>
Replaces #4384.

Co-authored-by: Daniel Modler <modler@linkbit.io>
Co-authored-by: Neil Twigg <neil@nats.io>
Signed-off-by: Neil Twigg <neil@nats.io>
@neilalexander neilalexander marked this pull request as ready for review October 25, 2024 15:20
@neilalexander neilalexander requested a review from a team as a code owner October 25, 2024 15:20
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@derekcollison derekcollison merged commit 899d4cf into main Oct 25, 2024
5 checks passed
@derekcollison derekcollison deleted the neil/wincrypt branch October 25, 2024 19:40
derekcollison added a commit that referenced this pull request Oct 28, 2024
Fixes a bug in #6042 where the `thumbprint` would never match, as we
were passing in a hex-decoded form instead of the actual string value.

Signed-off-by: Neil Twigg <neil@nats.io>
neilalexander added a commit that referenced this pull request Oct 29, 2024
Includes the following:

- #5115
- #6019
- #6039
- #6034
- #6043
- #6042
- #6047
- #6049
- #6050 
- #6052
- #6053

Signed-off-by: Neil Twigg <neil@nats.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants