Include challenge password attribute if required by EST server #38

Open
wants to merge 2 commits into base: master
@mobe1 mobe1 commented Mar 15, 2024

The changes introduced come after the issue/feature request #30 has been opened.
They allow us to enroll a CSR that includes the TLS-unique value as recommended by the RFC 7030.

  • Because each http client instantiation results in a new TLS-unique, one way of including it would be to make EST requests from the same http client.
  • Because the standard crypto/x509 Go package does not handle the challenge password attribute (OID) the way an EST/CA server expects it, the CSR creation had to be wrapped.

Code refactoring: change Enroll(), Reenroll() and ServerKeyGen() csr argument type so that we don't depend on x509 package anymore, which today still ignores the challenge password attribute

Include tls unique if required by CA

Add test cases

Add sample

Update readme and documentation
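
The challenge-password handling described in this PR, as an added example that is not part of the pull request or the project's code: RFC 7030 section 3.5 places the base64 of the connection's tls-unique in the PKCS #9 challengePassword attribute, encoded here as an RFC 2986 Attribute and checked the way a receiving server would check it. `EncodeChallenge`, `CheckChallenge` and the `attribute` type are hypothetical names, and the block covers only the attribute itself, not CSR assembly or signing.

```go
package main

import (
	"crypto/subtle"
	"encoding/asn1"
	"encoding/base64"
	"errors"
	"fmt"
)

var oidChallengePassword = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 7} // PKCS #9

// attribute is the RFC 2986 Attribute: an OID followed by a SET OF values.
type attribute struct {
	Type   asn1.ObjectIdentifier
	Values []string `asn1:"set"`
}

// EncodeChallenge (hypothetical helper) DER-encodes the attribute. tlsUnique is
// tls.ConnectionState.TLSUnique of the connection that will carry the request.
func EncodeChallenge(tlsUnique []byte) ([]byte, error) {
	if len(tlsUnique) == 0 { // Go leaves TLSUnique nil on TLS 1.3 connections
		return nil, errors.New("connection has no tls-unique value")
	}
	pw := base64.StdEncoding.EncodeToString(tlsUnique)
	return asn1.Marshal(attribute{oidChallengePassword, []string{pw}})
}

// CheckChallenge (hypothetical helper) is the receiving side's test: exactly
// one value, and it must equal the tls-unique of the current connection.
func CheckChallenge(attrDER, tlsUnique []byte) error {
	var a attribute
	if rest, err := asn1.Unmarshal(attrDER, &a); err != nil || len(rest) != 0 {
		return errors.New("malformed attribute")
	}
	if !a.Type.Equal(oidChallengePassword) || len(a.Values) != 1 {
		return errors.New("not a single-valued challengePassword")
	}
	got, err := base64.StdEncoding.DecodeString(a.Values[0])
	if err != nil || len(tlsUnique) == 0 || subtle.ConstantTimeCompare(got, tlsUnique) != 1 {
		return errors.New("challengePassword does not match this TLS session")
	}
	return nil
}

func main() {
	attr, err := EncodeChallenge([]byte("constructed!")) // constructed sample value
	fmt.Println(err, CheckChallenge(attr, []byte("other-session")))
}
```

A value encoded on one connection fails the check on any other, which is why the request has to travel over the same client connection the value was read from.
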
@toddgaunt-gs
Collaborator

Thanks for opening this PR, I'll forward this to my team for review.

@toddgaunt-gs
Collaborator

toddgaunt-gs commented Apr 9, 2024

[ ] Need to resolve conflicts after upgrading to Go 1.22.1...

@mobe1
Author

mobe1 commented Nov 12, 2024

Thought the comment wasn't for me until I noticed the repo did get upgraded with a different version of Go...
The conflicts should be resolved.

@toddgaunt-gs
Collaborator

Ah it wasn't actually! Just a reminder for when I had time to get around to this again, but thank you for addressing the changes needed!
