Add a check to `wfe2.Certificate` to ensure that the chain we select to serve with the end-entity cert actually validates the end-entity's signature. Add new test certificates, generated to match our actual hierarchy. Update wfe2 tests to use the new test certificates, as well as new mocks, in order to properly test the new check. The new test certs and overhauled tests are necessary because the prior wfe2 tests built and served chains that were not valid, and in fact could not be valid because they were built with self-signed certs. Fixes #5225
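The kind of check the commit message describes, as an added example that is not the project's own code: it uses the Go standard library's `CheckSignatureFrom` to reject a chain whose first certificate did not sign the end-entity, and shows why a chain headed by an unrelated self-signed cert can never pass. The helpers `newCert` and `checkChain` and all certificate names are hypothetical, constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert (hypothetical) builds a constructed test cert; a nil parent yields a self-signed CA.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// checkChain (hypothetical) fails unless the first cert in chain signed ee.
func checkChain(ee *x509.Certificate, chain ...*x509.Certificate) error {
	if len(chain) == 0 || ee.CheckSignatureFrom(chain[0]) != nil {
		return fmt.Errorf("chain does not validate end-entity signature")
	}
	return nil
}

func main() {
	issuer, issuerKey, _ := newCert("constructed issuer", nil, nil)
	ee, _, _ := newCert("example.test", issuer, issuerKey)
	other, _, _ := newCert("constructed unrelated self-signed", nil, nil)
	fmt.Println("issuer chain:", checkChain(ee, issuer))
	fmt.Println("self-signed chain:", checkChain(ee, other))
}
```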
| Name |
|---|
| ca.go |
| mocks.go |