Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TSA trust store root certificate validation #470

Closed
Two-Hearts opened this issue Oct 25, 2024 · 0 comments · Fixed by #471
Closed

TSA trust store root certificate validation #470

Two-Hearts opened this issue Oct 25, 2024 · 0 comments · Fixed by #471
Assignees
@Two-Hearts
Labels
enhancement New feature or request
Milestone
1.3.0

Comments

@Two-Hearts
Copy link
Contributor

Two-Hearts commented Oct 25, 2024
edited
Loading

We currently require tsa trust store to only store TSA's root certificates. Although it is checked during tsa counter signature verification, we could fail fast at the step of getting certificates from the trust store.
@Two-Hearts Two-Hearts added bug Something isn't working triage Needs evaluation for feasibility, timeline, etc. enhancement New feature or request and removed bug Something isn't working labels Oct 25, 2024
@Two-Hearts Two-Hearts self-assigned this Oct 25, 2024
@Two-Hearts Two-Hearts added this to the 1.3.0 milestone Oct 25, 2024
@FeynmanZhou FeynmanZhou removed the triage Needs evaluation for feasibility, timeline, etc. label Oct 29, 2024
@Two-Hearts Two-Hearts mentioned this issue Oct 29, 2024
Merged
priteshbandi pushed a commit that referenced this issue Nov 1, 2024
@Two-Hearts
fix: added tsa trust store root cert validation (#471)
1dc55d0 
This PR adds tsa trust store root cert validation while getting
certificates from trust store. This is to fail fast if cert in TSA trust
store is not a root CA certificate.

Resolves #470

---------

Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts added a commit to Two-Hearts/notation-go that referenced this issue Dec 9, 2024
@Two-Hearts
fix: added tsa trust store root cert validation (notaryproject#471)
1af43f2 
This PR adds tsa trust store root cert validation while getting
certificates from trust store. This is to fail fast if cert in TSA trust
store is not a root CA certificate.

Resolves notaryproject#470

---------

Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts added a commit to Two-Hearts/notation-go that referenced this issue Dec 9, 2024
@Two-Hearts
fix: added tsa trust store root cert validation (notaryproject#471)
de8bb3a 
This PR adds tsa trust store root cert validation while getting
certificates from trust store. This is to fail fast if cert in TSA trust
store is not a root CA certificate.

Resolves notaryproject#470

---------

Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts added a commit to Two-Hearts/notation-go that referenced this issue Dec 9, 2024
@Two-Hearts
fix: added tsa trust store root cert validation (notaryproject#471)
d66c7ab 
This PR adds tsa trust store root cert validation while getting
certificates from trust store. This is to fail fast if cert in TSA trust
store is not a root CA certificate.

Resolves notaryproject#470

---------

Signed-off-by: Patrick Zheng <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Two-Hearts Two-Hearts

Labels
enhancement New feature or request
Projects
Notary Project Planning Board
Status: Done
Milestone
1.3.0
Development

Successfully merging a pull request may close this issue.

fix: added tsa trust store root cert validation Two-Hearts/notation-go
2 participants
@FeynmanZhou @Two-Hearts