open-vault

Commit Graph

Author	SHA1	Message	Date
Jacob Burroughs	65029f8c8f	Fix pkcs7 parsing in some cases (#12519 ) * Fix pkcs7 parsing in some cases brings in https://github.com/mozilla-services/pkcs7/pull/61 from upstream In some cases but not all, aws includes a certificate in the pkcs7 response, and currently vault fails to parse those certificates: ``` URL: PUT https://vault.example.com/v1/auth/aws/login Code: 500. Errors * failed to parse the BER encoded PKCS#7 signature: ber2der: Invalid BER format ``` This fixes logins on those instances. Note we could not readily ascertain why some instances have those certificates and others don't. * Add changelog entry * Correct missed line	2021-09-10 12:17:03 -04:00
Jason O'Donnell	b55e1a31fc	creds/aws: Add support for DSA signature verification for EC2 (#12340 ) * creds/aws: import pkcs7 verification package * Add DSA support * changelog * Add DSA to correct verify function * Remove unneeded tests * Fix backend test * Update builtin/credential/aws/pkcs7/README.md Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com> * Update builtin/credential/aws/path_login.go Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com> Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>	2021-08-19 09:16:31 -04:00

Author

SHA1

Message

Date

Jacob Burroughs

65029f8c8f

Fix pkcs7 parsing in some cases (#12519 )

* Fix pkcs7 parsing in some cases

brings in https://github.com/mozilla-services/pkcs7/pull/61 from upstream

In some cases but not all, aws includes a certificate in the pkcs7 response,
and currently vault fails to parse those certificates:
```
URL: PUT https://vault.example.com/v1/auth/aws/login
Code: 500. Errors
* failed to parse the BER encoded PKCS#7 signature: ber2der: Invalid BER format
```

This fixes logins on those instances.  Note we could not readily ascertain why
some instances have those certificates and others don't.

* Add changelog entry

* Correct missed line

2021-09-10 12:17:03 -04:00

Jason O'Donnell

b55e1a31fc

creds/aws: Add support for DSA signature verification for EC2 (#12340 )

* creds/aws: import pkcs7 verification package

* Add DSA support

* changelog

* Add DSA to correct verify function

* Remove unneeded tests

* Fix backend test

* Update builtin/credential/aws/pkcs7/README.md

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update builtin/credential/aws/path_login.go

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

2021-08-19 09:16:31 -04:00

2 Commits