CLI Login - Handle well-known chains #455

Open
andrewpmartinez opened this issue Aug 5, 2021 · 0 comments
@andrewpmartinez

The certs coming back from the well-known bundle aren't ordered in the spec. Showing the first cert in there might not be useful.

The real value to show is to look through the certs in the bundle, order the chains by the signer, and find the cert/certs that is validating the server. Then show the highest cert in that chain (root, intermediate, leaf) or show the entire chain from root->leaf.

Also, if cross-signing has occurred, there may be multiple valid chains.

Normally, to deal with this, we can rely on golang's x509 capabilities to construct the chains and validate. However, that only provides us a yes/no answer afaik.

Originally posted by @andrewpmartinez in #454 (comment)

@andrewpmartinez andrewpmartinez self-assigned this Aug 5, 2021
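An added example (not part of the issue or the project's code) of the ordering described in the comment above, using Go's `crypto/x509`, where `Certificate.Verify` returns the chains it built, each ordered leaf first and root last. The names `serverChains`, `key` and `issue` are hypothetical, every certificate is constructed sample data, and treating self-signed bundle entries as roots is an assumption of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// serverChains returns every chain (leaf first, root last) in an unordered bundle that validates server.
func serverChains(server *x509.Certificate, bundle ...*x509.Certificate) ([][]*x509.Certificate, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range bundle {
		if c.CheckSignatureFrom(c) == nil { // verifies under its own key: self-signed, use as root
			roots.AddCert(c)
		} else {
			inters.AddCert(c)
		}
	}
	return server.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
}

// key derives a constructed, deterministic sample key; fixed seeds are for this demo only.
func key(n byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(append(make([]byte, 31), n)) }

// issue makes a constructed sample cert for k, signed by parent (self-signed when parent is nil).
func issue(cn string, ca bool, k, parentKey ed25519.PrivateKey, parent *x509.Certificate) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = t, k
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, k.Public(), parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above
	return cert
}

func main() {
	a, b := issue("root A", true, key(1), nil, nil), issue("root B", true, key(2), nil, nil)
	i1, i2 := issue("issuing CA", true, key(3), key(1), a), issue("issuing CA", true, key(3), key(2), b) // cross-signed
	server := issue("server", false, key(4), key(3), i1)
	chains, err := serverChains(server, i2, a, i1, b) // bundle order is arbitrary
	fmt.Println(len(chains), "chains, error:", err)
}
```

The result only says which bundle certificates chain to the server certificate, which is what a login prompt would display. It is not a trust decision, because the roots come from the same bundle being inspected.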