Closed zhalvorsen closed 7 months ago
We could use this bug to track the following fixes in #75:
verification_test.go:329: [ERROR] RFC5280: Certificates valid through the year 2049 MUST be encoded in UTC time (RFC 5280: 4.1.2.5)
verification_test.go:329: [WARN] RFC5280: Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)
verification_test.go:329: [ERROR] RFC5280: CAs must support key identifiers and include them in all certificates (RFC 5280: 4.2 & 4.2.1.1)
verification_test.go:329: [ERROR] RFC5280: CAs must include keyIdentifer field of AKI in all non-self-issued certificates (RFC 5280: 4.2.1.1)
3 & 4 should be solved by https://github.com/chipsalliance/caliptra-dpe/issues/80
Note that there are still a few errors picked up by the linter. We should try to fix these and then make the linter check fail the test.
We should check our certificates against zlint to make sure we are constructing the certificates correctly.