Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expand certificate chain validation options #120

Closed
9 tasks done
atc0005 opened this issue Jun 26, 2022 · 1 comment
Closed
9 tasks done

Expand certificate chain validation options #120

atc0005 opened this issue Jun 26, 2022 · 1 comment
Assignees
@atc0005
Labels
config enhancement New feature or request
Milestone
v0.8.0

Comments

@atc0005
Copy link
Owner

atc0005 commented Jun 26, 2022
edited
Loading

Overview

This was pulled from #211 (comment):

Validations (some repeated):

  • cert chain ordering
  • hostname
  • expiration
  • duplicates
  • has root cert
  • has multiple intermediates
  • missing intermediates
  • missing root

I will need to review the current list of GH issues and file new ones for any validation checks that appear viable and are not already represented by a separate issue. I can process these as part of future milestone efforts.

TODO

  • expiration
  • hostname
  • subject alternate names
  • certificate chain verification (validating signatures from leaf to root)
  • duplicates
  • has root cert
  • missing root cert
  • multiple intermediates
  • missing intermediates

Some of these will end up being research items instead of confirmed TODO items.

For example, would it really be valuable to flag a certificate chain for not including a root certificate? From what I recall, current best practices indicate that you should only include the leaf and one or more intermediates necessary to complete the chain from the leaf to a root certificate which should already be present in the local certificates store on the client system.
@atc0005 atc0005 self-assigned this Jun 26, 2022
@atc0005 atc0005 added enhancement New feature or request config labels Jun 26, 2022
@atc0005 atc0005 modified the milestones: v0.9.0, v0.8.0 Jun 26, 2022
This was referenced Jun 27, 2022
Open
Open
Open
Closed
Closed
@atc0005
Copy link
Owner Author

atc0005 commented Jun 27, 2022

Spun off separate GH issues for research and potential implementation.

@atc0005 atc0005 closed this as completed Jun 27, 2022
@atc0005 atc0005 transferred this issue from another repository Feb 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atc0005 atc0005

Labels
config enhancement New feature or request
Projects
None yet
Milestone
v0.8.0
Development

No branches or pull requests
1 participant
@atc0005