-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
certificate_complete_chain: add ability to identify ed25519 complete chains #777
certificate_complete_chain: add ability to identify ed25519 complete chains #777
Conversation
The actual implementation is here: https://github.com/pyca/cryptography/blob/main/src/rust/src/backend/ed25519.rs#L123 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your contribution! Can you please add a changelog fragment? Thanks.
fb842c6
to
1aa150c
Compare
I made the requested changes. I did a force push to my repo because I wanted to change the author / email associated with the first commit. I am not sure I did the fragment correctly. Also, wasn't sure if it'd go under minor change or bug fix. I elected minor change since for this specific module it's a new feature. However as the collection as a whole supports ed25519 and ed448, and this module exits with an error without this change. |
changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
Outdated
Show resolved
Hide resolved
changelogs/fragments/777-add_ability_to_identify_ed25519_complete_chains.yml
Outdated
Show resolved
Hide resolved
Docs Build 📝Thank you for contribution!✨ This PR has been merged and the docs are now incorporated into |
@gderber thanks for your contribution! |
You're welcome! Thank you for your patience and guidance on this. |
SUMMARY
This adds the ability to use the certificate_complete_chain module on ed25519 certificates.
ISSUE TYPE
COMPONENT NAME
certificate_complete_chain
ADDITIONAL INFORMATION
Without this change, using this module with an ed25519 cert provides an error:
[WARNING]: Unknown public key type "<cryptography.hazmat.backends.openssl.ed25519._Ed25519PublicKey object at 0x7f5263b8bd90>"
Upon making the change, it works. However I do not like it. The reason I don't like it is because the "verify" method for class Ed25519PublicKey in the cryptography library is an abstractmethod with undefined functionality. I could never find where the actual functionality is defined. I don't really understand the cryptography library well, nor how this ansible module uses it. Which means more work may be needed but I am having trouble identifying what that might be.
References:
I am quite open to critics and pointers.