Skip to content

Commit

Permalink
fix: leaf certificate validation (#202)
Browse files Browse the repository at this point in the history 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
  • Loading branch information
@Two-Hearts
Two-Hearts committed Apr 18, 2024
1 parent 9f13c9e commit 356b30e
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 4 deletions.
3 changes: 0 additions & 3 deletions x509/cert_validations.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -186,9 +186,6 @@ func validateLeafKeyUsage(cert *x509.Certificate) error {
}

var invalidKeyUsages []string
if cert.KeyUsage&x509.KeyUsageContentCommitment != 0 {
invalidKeyUsages = append(invalidKeyUsages, `"ContentCommitment"`)
}
if cert.KeyUsage&x509.KeyUsageKeyEncipherment != 0 {
invalidKeyUsages = append(invalidKeyUsages, `"KeyEncipherment"`)
}
Expand Down
2 changes: 1 addition & 1 deletion x509/cert_validations_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -759,7 +759,7 @@ func TestValidateLeafKeyUsage(t *testing.T) {
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment,
Extensions: extensions,
},
expectedErrMsg: "The certificate with subject \"CN=Test CN\" is invalid. The key usage must be \"Digital Signature\" only, but found \"ContentCommitment\"",
expectedErrMsg: "",
},
{
name: "Missing DigitalSignature usage",
Expand Down

0 comments on commit 356b30e

Please sign in to comment.