Improve TLS identifier to include entire certificate chain #1163

tsandall · 2019-01-15T18:37:18Z

Expected Behavior

Some users will want to have the entire certificate chain provided to the authz policy. One option would be to expose the entire certificate chain as the identity, however, this might be overly complex for most use cases. An alternative would be to let the identifier include multiple keys in addition to input.identity. In the x509 parsing built-ins we just JSON serialize the Go struct: https://github.com/open-policy-agent/opa/blob/master/topdown/crypto.go#L22. We could do the same here.

Actual Behavior

Today, the TLS identifier only extracts the subject.

The text was updated successfully, but these errors were encountered:

stale · 2021-11-22T23:09:37Z

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.

stale · 2022-01-02T04:25:27Z

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.

tsandall added enhancement help wanted labels Jan 15, 2019

stale bot added the inactive label Nov 22, 2021

tsandall removed the enhancement label Dec 3, 2021

stale bot removed the inactive label Dec 3, 2021

stale bot added the inactive label Jan 2, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve TLS identifier to include entire certificate chain #1163

Improve TLS identifier to include entire certificate chain #1163

tsandall commented Jan 15, 2019 •

edited

Loading

stale bot commented Nov 22, 2021

stale bot commented Jan 2, 2022

Improve TLS identifier to include entire certificate chain #1163

Improve TLS identifier to include entire certificate chain #1163

Comments

tsandall commented Jan 15, 2019 • edited Loading

Expected Behavior

Actual Behavior

stale bot commented Nov 22, 2021

stale bot commented Jan 2, 2022

tsandall commented Jan 15, 2019 •

edited

Loading