Support simultaneous verification of CSR and Challenge Password #115
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a `WithCombinedVerifier` option, and associated interface, to verify the CSR and challenge password together. This allows the password to be a signature on the csr. Additionally cleanup the logic around verification. This preserves the existing precedence, but should be more clear.
|
These days, bolt fails tests with |
|
We changed the server service significantly in #113. By wrapping challenge password verification as a chained Regarding your second request — modification of the CSR — what do you mean by this? Do you mean doing things to resulting certificate that aren't explicitly set in the CSR? I.e. setting add'l/different attributes and such? That sort of thing I would push towards the CA which, in #113's case, has now been moved into the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a
WithCombinedVerifieroption, and associated interface, to verify the CSR and challenge password together. This allows the password to be a signature on the csr.Additionally cleanup the logic around verification. This preserves the existing precedence, but should be more clear.
Question for the maintainers: I think it would be valuable in allowing something to modify the CSR before signing. I think there's an obvious hook for it, right here. What do y'all think? Should that be a different interface? Should this become ValidateAndRewrite ?