Allow SignCert callers to override CSR signature checks (#27914)

- We are leveraging this new feature flag to ignore the CSR's
   signature as we are constructing a CSR based on the information
   from a CMPv2 message.
Steven Clark
2024-07-30 12:20:10 -04:00
committed by GitHub
parent 4f6c215a65
commit 7049424c16
6 changed files with 131 additions and 10 deletions


@@ -1186,9 +1186,10 @@ func signCertificate(data *CreationBundle, randReader io.Reader) (*ParsedCertBun
return nil, errutil.UserError{Err: "nil csr given to signCertificate"}
}
err := data.CSR.CheckSignature()
if err != nil {
return nil, errutil.UserError{Err: "request signature invalid"}
if !data.Params.IgnoreCSRSignature {
if err := data.CSR.CheckSignature(); err != nil {
return nil, errutil.UserError{Err: "request signature invalid"}
}
}
result := &ParsedCertBundle{}
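Review bot: The new `if !data.Params.IgnoreCSRSignature` guard in signCertificate makes the only proof-of-possession check visible here optional, and nothing at the branch says what a caller must have verified before setting the flag. With the check skipped, the CSR no longer shows that the requester holds the private key for the public key being certified, so that binding has to be established elsewhere; the commit description suggests the CMPv2 message fills that role, but the hunk does not show it. I would add a comment above the guard such as `// Skipped only when the caller has already verified proof of possession by other means (e.g. CMPv2 message protection); never set from user-supplied parameters.` and repeat the same contract on the field's declaration, which is outside this hunk. It would also help to confirm that no request-facing path can populate the field, since the zero value keeps the check on but any caller can turn it off. signCertificate's body starts and ends outside the hunk.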