Rebase verify_cert: check name constraints after sig. validation #280

Merged: 3 commits merged on Sep 30, 2023

briansmith (Owner) commented Sep 30, 2023:

Rebase #278 on top of main after #277 was merged.

briansmith (Owner, Author) commented:

@cpu See the last commit about the semver breakage in rcgen.

codecov bot commented Sep 30, 2023:

Codecov Report

Merging #280 (ed2ac06) into main (4a71d47) will increase coverage by 0.55%.
Report is 3 commits behind head on main.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #280      +/-   ##
==========================================
+ Coverage   50.62%   51.18%   +0.55%     
==========================================
  Files          18       18              
  Lines        3751     3806      +55     
==========================================
+ Hits         1899     1948      +49     
- Misses       1852     1858       +6     

Files                 Coverage Δ
src/signed_data.rs    100.00% <ø> (ø)
src/verify_cert.rs    94.90% <100.00%> (+0.82%) ⬆️

... and 2 files with indirect coverage changes


@briansmith briansmith force-pushed the backport-name-constraints-post-sigs branch from ac5c13b to a7a0d41 Compare September 30, 2023 02:41
Prior to this commit parsing and processing certificate name constraints
was done before validating a chain of signatures to a known trust
anchor. This increases the attack surface of these features, allowing an
adversary to force webpki to process name constraints on a crafted
certificate without needing to have that certificate issued by a trusted
entity.

This commit moves the parsing and processing of name constraints to
after building and verifying the chain of signatures to reduce the
potential for mischief.
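
The ordering this commit message describes, as an added sketch that is not webpki's code or part of this PR: a toy verifier that checks issuer linkage and signatures up to a trust anchor first and only then processes name constraints. All types and names are hypothetical, the "signature" is a string comparison, and the name constraint is reduced to a DNS suffix; the counter shows that a forged intermediate never has its constraints processed.

```rust
// Added illustration, not webpki's code: every type and name here is hypothetical.
use std::cell::Cell;

struct Cert<'a> {
    subject: &'a str,
    issuer: &'a str,                   // issuer name the certificate claims
    signed_by: &'a str,                // toy stand-in for a real signature check
    dns_name: &'a str,                 // only meaningful on the end-entity cert
    permitted_suffix: Option<&'a str>, // simplified name constraint on a CA cert
}
#[derive(Debug, PartialEq)]
enum Error { UnknownIssuer, BadSignature, NameConstraintViolation }

/// Name-constraint processing; the counter records how often it is reached.
fn check_constraint(ca: &Cert, name: &str, evals: &Cell<u32>) -> Result<(), Error> {
    evals.set(evals.get() + 1);
    match ca.permitted_suffix {
        Some(suffix) if !name.ends_with(suffix) => Err(Error::NameConstraintViolation),
        _ => Ok(()),
    }
}

/// `chain[0]` is the end entity; each following cert is the issuer of the one before.
fn verify_chain(chain: &[Cert], anchors: &[&str], evals: &Cell<u32>) -> Result<(), Error> {
    let leaf = chain.first().ok_or(Error::UnknownIssuer)?;
    // Pass 1: issuer linkage and signatures only, up to a trust anchor.
    for (i, cert) in chain.iter().enumerate() {
        let issuer_known = match chain.get(i + 1) {
            Some(parent) => parent.subject == cert.issuer,
            None => anchors.iter().any(|a| *a == cert.issuer),
        };
        if !issuer_known { return Err(Error::UnknownIssuer); }
        if cert.signed_by != cert.issuer { return Err(Error::BadSignature); }
    }
    // Pass 2: name constraints are touched only after the whole chain verified.
    for ca in chain.iter().skip(1) {
        check_constraint(ca, leaf.dns_name, evals)?;
    }
    Ok(())
}
/// Constructed sample: an intermediate naming a trusted root that did not sign it.
fn forged_chain() -> [Cert<'static>; 2] {
    [Cert { subject: "leaf", issuer: "Evil CA", signed_by: "Evil CA", dns_name: "victim.test", permitted_suffix: None },
     Cert { subject: "Evil CA", issuer: "Root", signed_by: "attacker", dns_name: "", permitted_suffix: Some(".crafted.test") }]
}
fn main() {
    let evals = Cell::new(0);
    let result = verify_chain(&forged_chain(), &["Root"], &evals);
    println!("{:?}, constraint evaluations: {}", result, evals.get());
}
```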
@briansmith briansmith force-pushed the backport-name-constraints-post-sigs branch from a7a0d41 to ed2ac06 Compare September 30, 2023 02:53
@briansmith briansmith merged commit 519bcb6 into main Sep 30, 2023
212 checks passed
@briansmith briansmith deleted the backport-name-constraints-post-sigs branch September 30, 2023 03:21
cpu (Contributor) commented Sep 30, 2023:

> @cpu See the last commit about the semver breakage in rcgen.

Thanks, I fixed that upstream but it's pending release.
