Closed dennisgove closed 4 years ago
Describe the bug
Not all required validations of X509 based SVIDs are taking place. Specifically, the following are not happening:
Per a conversation in the SPIFFE Slack workspace (#spire channel) the current thinking is that these validations should take place in the go-spiffe::VerifyPeerCertificate method. Issue https://github.com/spiffe/go-spiffe/issues/25 has been created on that project to track the addition of those validations.
go-spiffe::VerifyPeerCertificate
This ticket will ensure one of the following occurs:
VerifyPeerCertificates
Resolved: https://github.com/spiffe/go-spiffe/issues/25
pawalt
commented
4 years ago
Describe the bug
Not all required validations of X509 based SVIDs are taking place. Specifically, the following are not happening:
Per a conversation in the SPIFFE Slack workspace (#spire channel) the current thinking is that these validations should take place in the
go-spiffe::VerifyPeerCertificatemethod. Issue https://github.com/spiffe/go-spiffe/issues/25 has been created on that project to track the addition of those validations.This ticket will ensure one of the following occurs:
VerifyPeerCertificates(https://github.com/spiffe/go-spiffe/issues/25) and our dependency is changed to require at least the version with those validations.