Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compare public keys on trusted leaf certs, to prevent use of alternate certs with the same/forged serial numbers #25649

Merged
merged 2 commits into from
Feb 26, 2024
Merged

Compare public keys on trusted leaf certs, to prevent use of alternate certs with the same/forged serial numbers #25649

merged 2 commits into from
Feb 26, 2024

Conversation

sgmiller
Copy link
Collaborator

By comparing public keys, we ensure the caller possessed the corresponding
private key of the role configured cert. The TLS stack will have validated
the signature of the provided certificate.

@sgmiller sgmiller requested a review from a team as a code owner February 26, 2024 22:03
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Feb 26, 2024
@sgmiller sgmiller added backport/1.13.x Backport changes to `release/1.13.x` backport/1.14.x Backport changes to `release/1.14.x` backport/1.15.x Backport changes to `release/1.15.x` backport/1.16.x Backport changes to `release/1.16.x` labels Feb 26, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 26, 2024
edited

CI Results:
All Go tests succeeded! ✅

@sgmiller sgmiller modified the milestones: 1.15.6, 1.16.0 Feb 26, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 26, 2024
edited

Build Results:
All builds succeeded! ✅

@sgmiller sgmiller enabled auto-merge (squash) February 26, 2024 22:18
@sgmiller sgmiller merged commit 7739114 into main Feb 26, 2024
93 of 98 checks passed
@sgmiller sgmiller deleted the sgm/vault-24406/certauth-check-nonca-pubkeys branch February 26, 2024 22:22
This was referenced Feb 26, 2024
Merged
Merged
Merged
Merged
LeSuisse added a commit to LeSuisse/nixpkgs that referenced this pull request Mar 2, 2024
@LeSuisse
vault: 1.15.5 -> 1.15.6
7584eeb 
One security fix: hashicorp/vault#25649

Changes:
https://github.com/hashicorp/vault/releases/tag/v1.15.6
LeSuisse added a commit to LeSuisse/nixpkgs that referenced this pull request Mar 2, 2024
@LeSuisse
vault-bin: 1.15.5 -> 1.15.6
db88484 
One security fix: hashicorp/vault#25649

Changes:
https://github.com/hashicorp/vault/releases/tag/v1.15.6
@LeSuisse LeSuisse mentioned this pull request Mar 2, 2024
Merged
13 tasks
LeSuisse added a commit to LeSuisse/nixpkgs that referenced this pull request Mar 3, 2024
@LeSuisse
vault-bin: 1.15.5 -> 1.15.6
3cd1e89 
One security fix: hashicorp/vault#25649

Changes:
https://github.com/hashicorp/vault/releases/tag/v1.15.6
(cherry picked from commit db88484)
LeSuisse added a commit to LeSuisse/nixpkgs that referenced this pull request Mar 3, 2024
@LeSuisse
vault: 1.14.8 -> 1.14.10
fe0aea9 
One security fix: hashicorp/vault#25649

Changes:
https://github.com/hashicorp/vault/releases/tag/v1.14.10
https://github.com/hashicorp/vault/releases/tag/v1.14.9
@LeSuisse LeSuisse mentioned this pull request Mar 3, 2024
Merged
13 tasks
ReedClanton pushed a commit to ReedClanton/nixpkgs that referenced this pull request Mar 4, 2024
@LeSuisse @ReedClanton
vault: 1.15.5 -> 1.15.6
ddfccbb 
One security fix: hashicorp/vault#25649

Changes:
https://github.com/hashicorp/vault/releases/tag/v1.15.6
ReedClanton pushed a commit to ReedClanton/nixpkgs that referenced this pull request Mar 4, 2024
@LeSuisse @ReedClanton
vault-bin: 1.15.5 -> 1.15.6
4fe6534 
One security fix: hashicorp/vault#25649

Changes:
https://github.com/hashicorp/vault/releases/tag/v1.15.6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevendpclark stevendpclark stevendpclark approved these changes

Assignees
No one assigned
Labels
backport/1.13.x Backport changes to `release/1.13.x` backport/1.14.x Backport changes to `release/1.14.x` backport/1.15.x Backport changes to `release/1.15.x` backport/1.16.x Backport changes to `release/1.16.x` hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.16.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sgmiller @stevendpclark