Closed loosebazooka closed 3 months ago
This makes it easier to verify things like github idtokens that change the SAN on each release tag.
needs #730 and #731
Turns out there was OID processing that changed because old fulcio OIDs were raw strings and new ones are DER Encoded UTF8. see: https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#extension-values
This is ready but I'm going to pull some parts out so it's easier to review.
kk, this should be ready to go @vlsi @patflynn
This makes it easier to verify things like github idtokens that change the SAN on each release tag.
needs #730 and #731Turns out there was OID processing that changed because old fulcio OIDs were raw strings and new ones are DER Encoded UTF8. see: https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#extension-values