Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: generate a subject key identifier when creating a certificate #263

Merged
merged 2 commits into from
Dec 24, 2024
Merged

feat: generate a subject key identifier when creating a certificate #263

merged 2 commits into from
Dec 24, 2024
+53 −0

Conversation

kruskall
Copy link
Member

What does this PR do?

If a subject key id is omitted, go will generate one using sha1. This is described as method 1 in RFC 5280 Section 4.2.1.2.

Update the code to explicitly pass a subject key id to avoid calling sha1 functions. The new SubjectKeyId is generated using method 1 in RFC 7093 Section 2 which takes 160-bits of the SHA-256 hash.

Why is it important?

When sha1 is not available (e.g. fips only mode) this method will panic.

elastic-agent is also using these methods so some of the tests are failing in fips only mode.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have added tests that prove my fix is effective or that my feature works

Author's Checklist

  • [ ]

Related issues

@kruskall
feat: generate a subject key identifier when creating a certificate
cfb6f60 
If a subject key id is omitted, go will generate one using sha1.
This is described as method 1 in RFC 5280 Section 4.2.1.2.

When sha1 is not available (e.g. fips only mode) this method will
panic.

Update the code to explicitly pass a subject key id to avoid calling
sha1 functions. The new SubjectKeyId is generated using
method 1 in RFC 7093 Section 2 which takes 160-bits of the SHA-256 hash.
@kruskall kruskall requested a review from a team as a code owner December 19, 2024 23:29
@kruskall kruskall requested review from belimawr and faec and removed request for a team December 19, 2024 23:29
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

@ycombinator ycombinator added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Dec 23, 2024
@kruskall kruskall merged commit 318addd into elastic:main Dec 24, 2024
7 checks passed
@kruskall kruskall deleted the feat/ca-generate-ski branch December 24, 2024 11:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mauri870 mauri870 mauri870 approved these changes

@belimawr belimawr Awaiting requested review from belimawr belimawr is a code owner automatically assigned from elastic/elastic-agent-data-plane

@faec faec Awaiting requested review from faec faec is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees
No one assigned
Labels
Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kruskall @elasticmachine @mauri870 @ycombinator