Update crypto + bugfix in x509KeyPairProvider #122
Reviewed 153 of 153 files at r1, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions / 0 of 1 LGTMs obtained / 0 of 1 approvals obtained
go/pkg/cs/drkey/grpc/golden.topo
line 1 at r1 (raw file):
---
I think this file is duplicated and not necessary here.
go/pkg/trust/x509KeyPairProvider.go
line 67 at r1 (raw file):
```go
continue
}
if bestChain != nil && bestExpiry.Before(expiry) {
```
all good, but can we extend the UT for `LoadX509KeyPair` so that it covers this as well?
On my side, the test for `go/pkg/ca/renewal` fails (needs updated testdata).
Reviewable status: all files reviewed, 2 unresolved discussions / 0 of 1 LGTMs obtained / 0 of 1 approvals obtained
Reviewable status: all files reviewed, 2 unresolved discussions / 0 of 1 LGTMs obtained / 0 of 1 approvals obtained
go/pkg/cs/drkey/grpc/golden.topo
line 1 at r1 (raw file):
Previously, juagargi (Juan A. Garcia Pardo) wrote…
> I think this file is duplicated and not necessary here.

Done.
go/pkg/trust/x509KeyPairProvider.go
line 67 at r1 (raw file):
Previously, juagargi (Juan A. Garcia Pardo) wrote…
> all good, but can we extend the UT for `LoadX509KeyPair` so that it covers this as well?

Done.
Reviewed 41 of 41 files at r2, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved
This PR resolves #121 updating the crypto material using `go test ./... -update-non-deterministic`. In the future we might want to automatically regenerate the crypto material (e.g. https://github.com/scionproto/scion/blob/39b8fd4acbc2773e04e022bd66cf7cffae1f48a7/private/trust/x509_provider_test.go#L45).

Additionally, this PR includes a bugfix for the x509KeyPairProvider, in order to choose the certificate chain that expires the latest.
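The selection rule named in the description above (prefer the certificate chain that expires the latest), as an added Go example; it is not the project's `LoadX509KeyPair` code. `Chain`, `usableUntil`, `pickLatest` and `cert` are hypothetical names, the certificates are constructed and carry only validity dates, and treating a chain as usable until its earliest `NotAfter` is an assumption.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"time"
)

type Chain = []*x509.Certificate // leaf first; hypothetical alias for this example

// usableUntil returns the earliest NotAfter in the chain, and false if the
// chain is empty or any certificate is not valid at now (assumed policy).
func usableUntil(chain Chain, now time.Time) (time.Time, bool) {
	var expiry time.Time
	for _, c := range chain {
		if now.Before(c.NotBefore) || now.After(c.NotAfter) {
			return time.Time{}, false
		}
		if expiry.IsZero() || c.NotAfter.Before(expiry) {
			expiry = c.NotAfter
		}
	}
	return expiry, len(chain) > 0
}

// pickLatest returns the index of the usable chain that expires latest, or -1.
func pickLatest(chains []Chain, now time.Time) int {
	best, bestExpiry := -1, time.Time{}
	for i, chain := range chains {
		expiry, ok := usableUntil(chain, now)
		if !ok || (best != -1 && !expiry.After(bestExpiry)) {
			continue // unusable, or does not outlive the current best
		}
		best, bestExpiry = i, expiry
	}
	return best
}

// cert builds a constructed certificate that carries only a validity window.
func cert(from, to time.Time) *x509.Certificate {
	return &x509.Certificate{NotBefore: from, NotAfter: to}
}

func main() {
	now, d := time.Date(2024, 1, 10, 0, 0, 0, 0, time.UTC), 24*time.Hour
	root := cert(now.Add(-30*d), now.Add(90*d))
	chains := []Chain{{cert(now.Add(-5*d), now.Add(2*d)), root}, {cert(now.Add(-d), now.Add(6*d)), root}}
	fmt.Println("selected chain index:", pickLatest(chains, now))
}
```

A unit test for this rule needs at least two valid chains with different expiry times, listed in both orders, so that an inverted comparison cannot pass by accident.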