Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Tony Arcieri
    @tarcieri
    that’s with the git version?
    str4d
    @str4d
    Yes, PR is patched to current develop HEAD
    Huh
    Tony Arcieri
    @tarcieri
    different file :weary:
    pkcs8.rs
    str4d
    @str4d
    Argh
    I'll make a new signatory branch and run my PR against it until it passes
    Tony Arcieri
    @tarcieri
    haha ok
    I should really flip Signatory over to GitHub actions
    I say again, lol
    this is annoying
    str4d
    @str4d
    Woop, that was the only other problem
    Tony Arcieri
    @tarcieri
    cool
    I’ll cut a release and poke at flipping it over to Actions
    @str4d ok merged. if you can confirm it’s fixed I’ll cut another release
    with signatory patched to bfcf85d
    Tony Arcieri
    @tarcieri
    cool
    str4d
    @str4d
    Looks like it passes!
    Tony Arcieri
    @tarcieri
    woop
    ok will cut a new release
    Tony Arcieri
    @tarcieri
    on a completely different matter...
    @str4d it’d be cool if name here were Option<&’a str>
    and if it were, omit CN entirely
    str4d
    @str4d
    Is that the right layer?
    making issuer and subject optional
    Hm... maybe not
    Is SEQUENCE OF what allows it to be empty?
    Tony Arcieri
    @tarcieri
    let me ask someone, heh
    also Thomas Pornin would know. I just asked Sleevi...
    str4d
    @str4d
    Going straight to the authoritative root :P
    Tony Arcieri
    @tarcieri
    haha indeed
    he says empty Subject is technically valid per RFC 5280 but Apple has been flaky on support
    also: your CN-encoding code seemingly doesn't apply the 64-char limit
    str4d
    @str4d
    Ooh, good point
    Tony Arcieri
    @tarcieri
    so I think the answer is empty subject is possible but CN is presently required by the CA/B rules (but not RFC 5280)
    empty subject also requires a critical SAN
    wonder if there are SPIFFE identifiers for humans or something
    str4d
    @str4d
    x509 0.1.2 enforces the CN length requirement.
    Tony Arcieri
    @tarcieri
    cool
    str4d
    @str4d
    Opened str4d/x509.rs#1 for the optional CN.
    Tony Arcieri
    @tarcieri
    :thumbsup:
    str4d
    @str4d
    Nice! Horribly unreadable, but nice!