-
Notifications
You must be signed in to change notification settings - Fork 547
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add '--cert-identity' flag to support subject alternate names for ver… #2278
Conversation
…ification. Signed-off-by: kpk47 <[email protected]>
Codecov Report
@@ Coverage Diff @@
## main #2278 +/- ##
==========================================
+ Coverage 29.02% 29.15% +0.12%
==========================================
Files 131 131
Lines 7872 7899 +27
==========================================
+ Hits 2285 2303 +18
- Misses 5275 5284 +9
Partials 312 312
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
You probably need to run |
Signed-off-by: kpk47 <[email protected]>
ff02868
to
e3cf1a9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thank you so much!
(I don't actually have CODEOWNERs here but someone with CODEOWNERs will swing by soon)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
very nice!
Looks like you missed a few changes in the e2e_test, otherwise LGTM! |
0cb04a9
@kpk47 can you add the DCO to your last commit? |
Signed-off-by: kpk47 <[email protected]>
0cb04a9
to
5eedb3d
Compare
…ification. Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
…-identity Signed-off-by: kpk47 <[email protected]>
@kpk47 You'll need to sign the DCO again. |
Signed-off-by: kpk47 <[email protected]>
I do a [whole bunch of reviewing for Cosign](https://github.com/sigstore/cosign/pulls?q=is%3Apr++commenter%3Aznewman01) and get CC'd in [pretty frequently](https://github.com/sigstore/cosign/pulls?q=is%3Apr+mentions%3Aznewman01) but wind up needing a second reviewer in every case. Would be nice to avoid that (so contributors [don't get stuck](sigstore/cosign#2278)). Signed-off-by: Zack Newman <[email protected]>
I do a [whole bunch of reviewing for Cosign](https://github.com/sigstore/cosign/pulls?q=is%3Apr++commenter%3Aznewman01) and get CC'd in [pretty frequently](https://github.com/sigstore/cosign/pulls?q=is%3Apr+mentions%3Aznewman01) but wind up needing a second reviewer in every case. Would be nice to avoid that (so contributors [don't get stuck](sigstore/cosign#2278)). Signed-off-by: Zack Newman <[email protected]> Signed-off-by: Zack Newman <[email protected]>
…ification.
Summary
This PR adds the '--cert-identity' flag for supporting SANs during verification. This change is working towards #2056, but does not fix it completely.
Fixes #1964
Release Note
Added support for certificate Subject Alternate Names during verification flow.
Documentation
N/A, though this flag will need documenting if/when it completely replaces --cert-email.