Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PKI Valdiator always fails on unknown CAs #3529

Merged
merged 5 commits into from
Nov 4, 2024
Merged

PKI Valdiator always fails on unknown CAs #3529

merged 5 commits into from
Nov 4, 2024

Conversation

gerardsn
Copy link
Member

@gerardsn gerardsn commented Nov 1, 2024

closes #3528

changed the accepted errors list from fail open to fail closed

woutslakhorst
woutslakhorst requested changes Nov 4, 2024
View reviewed changes
Copy link
Member

@woutslakhorst woutslakhorst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

requires some clear documentation, maybe a new page certificates and some addition to recommended deployment checlist.

@gerardsn
Copy link
Member Author

gerardsn commented Nov 4, 2024

what should be added to the recommended deployment?

@gerardsn gerardsn force-pushed the fix-3528/pki-always-fails-on-unknown-CAs branch from c1d180c to aa31a0c Compare November 4, 2024 14:53
@gerardsn gerardsn merged commit e49fd93 into master Nov 4, 2024
9 checks passed
@gerardsn gerardsn deleted the fix-3528/pki-always-fails-on-unknown-CAs branch November 4, 2024 15:08
rolandgroen added a commit that referenced this pull request Nov 4, 2024
@rolandgroen
Merge branch 'master' into x509
4ada7aa 
* master:
  Several doc fixes (#3537)
  PKI Valdiator always fails on unknown CAs (#3529)
  missing breaking changes in release notes (#3536)
  v5.4.12 release notes (#3534) (#3535)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@woutslakhorst woutslakhorst woutslakhorst approved these changes

@reinkrul reinkrul Awaiting requested review from reinkrul reinkrul is a code owner

@stevenvegt stevenvegt Awaiting requested review from stevenvegt stevenvegt is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PKI: accepts certs not in truststore when softfail=true (default)
2 participants
@gerardsn @woutslakhorst