-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AddTrustedRootCertificate without AddNOC is broken #15311
Comments
bzbarsky-apple
added
spec
Mismatch between spec and implementation
security
V1.0
and removed
V1.0
labels
Feb 17, 2022
bzbarsky-apple
changed the title
AddTrustedRootCertificate outside commissioning is broken
AddTrustedRootCertificate without AddNOC is broken
Feb 17, 2022
Maybe in practice no one will add root certs without doing AddNOC so this is not a problem? |
tcarmelveilleux
added a commit
to tcarmelveilleux/connectedhomeip
that referenced
this issue
May 30, 2022
- Add all missing IM-level checks that would lead to INVALID_COMMAND error on incorrectly provided inputs - Normalize logging of errors some more - Add missing interlocks on fail-safe - Remove RemoveTrustedRootCertificate command - Ensure error-handling in AddTrustedRootCertificate does not destroy in-progress state on innocuous errors - Move some IM structural checks before fail-safe checks in AddNOC/UpdateNOC Issue project-chip#18633 Fixes project-chip#15311 Fixes project-chip#17209
tcarmelveilleux
added a commit
that referenced
this issue
Jun 1, 2022
* Multiple spec compliance fixes to NOC cluster - Add all missing IM-level checks that would lead to INVALID_COMMAND error on incorrectly provided inputs - Normalize logging of errors some more - Add missing interlocks on fail-safe - Remove RemoveTrustedRootCertificate command - Ensure error-handling in AddTrustedRootCertificate does not destroy in-progress state on innocuous errors - Move some IM structural checks before fail-safe checks in AddNOC/UpdateNOC Issue #18633 Fixes #15311 Fixes #17209 * ZAP changes * Restyled by clang-format * regen zap * Restyled by clang-format * Add missing root cert size validation * Fix CI * Restyled by clang-format * Fix CI * Apply review comments * ZAP regen * Restyled by whitespace * Restyled by clang-format * Fix a constant move to wrong context * Add FAILSAFE_REQUIRED and TIMED_REQUEST_MISMATCH * ZAP regen * Restyled by whitespace * Restyled by clang-format Co-authored-by: Restyled.io <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
AddTrustedRootCertificate sets the new root cert in
gFabricBeingCommissioned
... but then nothing ever happens to get it anywhere else. This means:Proposed Solution
Implement something closer to the spec.
The text was updated successfully, but these errors were encountered: