Closed navzam closed 7 years ago
This is a case of the comment and error string being wrong. This is a "common name", not "alternative name" check. Would happily accept a PR that that updates the error result string and comment. 👍
good catch btw!
Amazon's docs for Checking the Signature of the Request say to check: "The domain echo-api.amazon.com
is present in the Subject Alternative Names
(SANs) section of the signing certificate." That makes me think the comment and error string are correct, but the if
statement is checking the wrong field.
I guess it's working in practice b/c the CN is the same as that SAN domain, but it'd be better to match the docs IMO :)
it'd be better to match the docs IMO
definitely! PR welcome
@navzam maybe after sending a PR for this would be a good time to copy the code/tests/etc over to cortana-verifier
and we can pick up from there?
In validate-cert.js, this code
checks for the domain in the Common Name field. Shouldn't it be looking in the alt names instead? The alt names are present in
cert.extensions[]