Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ingela/ssl/default cert sign/gh 8588/otp 19152 #8624

Merged
merged 2 commits into from
Jul 9, 2024
Merged

Ingela/ssl/default cert sign/gh 8588/otp 19152 #8624

merged 2 commits into from
Jul 9, 2024

Conversation

IngelaAndin
Copy link
Contributor

Smoother upgrade path, allow certs to still use sha1 but not protocol signatures.

@IngelaAndin IngelaAndin requested review from dgud and u3s June 28, 2024 07:36
@IngelaAndin IngelaAndin self-assigned this Jun 28, 2024
@IngelaAndin IngelaAndin added team:PS Assigned to OTP team PS testing currently being tested, tag is used by OTP internal CI labels Jun 28, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 28, 2024
edited
Loading

CT Test Results

    2 files     67 suites   48m 49s ⏱️
  791 tests   747 ✅  44 💤 0 ❌
3 760 runs  2 966 ✅ 794 💤 0 ❌

Results for commit 5ed2088.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

// Erlang/OTP Github Action Bot

u3s
u3s reviewed Jun 28, 2024
View reviewed changes
lib/ssl/test/ssl_cert_SUITE.erl Show resolved Hide resolved
lib/ssl/src/ssl.erl Outdated Show resolved Hide resolved
lib/ssl/src/ssl.erl Outdated Show resolved Hide resolved
lib/ssl/src/ssl.erl Outdated Show resolved Hide resolved
lib/ssl/src/ssl.erl Outdated Show resolved Hide resolved
lib/ssl/src/dtls_handshake.erl Outdated Show resolved Hide resolved
lib/ssl/src/ssl_handshake.erl Outdated Show resolved Hide resolved
lib/ssl/test/ssl_api_SUITE.erl Outdated Show resolved Hide resolved
lib/ssl/test/ssl_api_SUITE.erl Show resolved Hide resolved
@IngelaAndin IngelaAndin force-pushed the ingela/ssl/default-cert-sign/GH-8588/OTP-19152 branch from eb6551e to 8959de3 Compare June 28, 2024 15:59
@IngelaAndin IngelaAndin requested a review from u3s July 8, 2024 06:03
@IngelaAndin IngelaAndin force-pushed the ingela/ssl/default-cert-sign/GH-8588/OTP-19152 branch from 8959de3 to 5ed2088 Compare July 8, 2024 09:17
@IngelaAndin IngelaAndin removed the request for review from dgud July 9, 2024 06:30
@IngelaAndin
ssl: Test root cert is allowed to use any signature.
8294895
@IngelaAndin
ssl: Add signature_algs_cert default when signature_algs default is used
e57bfe6 
Make upgrade path smoother by adding rsa_pkcs1_sha to the
default of signature_algs as the default signature_algs_cert.
Note this is only applicable when signature_algs is not configured,
that is set to the default, that will then become the default of
signature_algs_cert in practice. This will allow certificates to
use rsa_pkcs1_sha algorithm but still disallow it in the TLS protocol.

Also add some missing handling of signature_algs_cert in DTLS.

closes erlang#8588
@IngelaAndin IngelaAndin force-pushed the ingela/ssl/default-cert-sign/GH-8588/OTP-19152 branch from 5ed2088 to e57bfe6 Compare July 9, 2024 07:39
@IngelaAndin IngelaAndin merged commit 51faa5f into erlang:maint Jul 9, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@u3s u3s u3s approved these changes

Assignees

@IngelaAndin IngelaAndin

Labels
team:PS Assigned to OTP team PS testing currently being tested, tag is used by OTP internal CI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@IngelaAndin @u3s