Skip to content

Comments

Rebase verify_cert: check name constraints after sig. validation#280

Merged
briansmith merged 3 commits intomainfrom
backport-name-constraints-post-sigs
Sep 30, 2023
Merged

Rebase verify_cert: check name constraints after sig. validation#280
briansmith merged 3 commits intomainfrom
backport-name-constraints-post-sigs

Conversation

@briansmith
Copy link
Owner

@briansmith briansmith commented Sep 30, 2023
edited
Loading

Rebase #278 on top of main after #277 was merged.

@briansmith briansmith self-assigned this Sep 30, 2023
@briansmith briansmith mentioned this pull request Sep 30, 2023
Closed
@briansmith
Copy link
Owner Author

briansmith commented Sep 30, 2023

@cpu See the last commit about the semver breakage in rcgen.

@codecov
Copy link

codecov bot commented Sep 30, 2023
edited
Loading

Codecov Report

Merging #280 (ed2ac06) into main (4a71d47) will increase coverage by 0.55%.
Report is 3 commits behind head on main.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #280      +/-   ##
==========================================
+ Coverage   50.62%   51.18%   +0.55%     
==========================================
  Files          18       18              
  Lines        3751     3806      +55     
==========================================
+ Hits         1899     1948      +49     
- Misses       1852     1858       +6
Files Coverage Δ
src/signed_data.rs 100.00% <ø> (ø)
src/verify_cert.rs 94.90% <100.00%> (+0.82%) ⬆️

... and 2 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@briansmith briansmith force-pushed the backport-name-constraints-post-sigs branch from ac5c13b to a7a0d41 Compare September 30, 2023 02:41
@cpu @briansmith
verify_cert: check name constraints after sig. validation
ed2ac06 
Prior to this commit parsing and processing certificate name constraints
was done before validating a chain of signatures to a known trust
anchor. This increases the attack surface of these features, allowing an
adversary to force webpki to process name constraints on a crafted
certificate without needing to have that certificate issued by a trusted
entity.

This commit moves the parsing and processing of name constraints to
after building and verifying the chain of signatures to reduce the
potential for mischief.
@briansmith briansmith force-pushed the backport-name-constraints-post-sigs branch from a7a0d41 to ed2ac06 Compare September 30, 2023 02:53
@briansmith briansmith merged commit 519bcb6 into main Sep 30, 2023
@briansmith briansmith deleted the backport-name-constraints-post-sigs branch September 30, 2023 03:21
@cpu
Copy link
Contributor

cpu commented Sep 30, 2023

@cpu See the last commit about the semver breakage in rcgen.

Thanks, I fixed that upstream but it's pending release.

@cpu cpu mentioned this pull request Oct 2, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@briansmith briansmith

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@briansmith @cpu