10ecf10248
* PKI: Add support for signature_bits param to the intermediate/generate api - Mainly to work properly with GCP backed managed keys, we need to issue signatures that would match the GCP key algorithm. - At this time due to https://github.com/golang/go/issues/45990 we can't issue PSS signed CSRs, as the libraries in Go always request a PKCS1v15. - Add an extra check in intermediate/generate that validates the CSR's signature before providing it back to the client in case we generated a bad signature such as if an end-user used a GCP backed managed key with a RSA PSS algorithm. - GCP ignores the requested signature type and always signs with the key's algorithm which can lead to a CSR that says it is signed with a PKCS1v15 algorithm but is actually a RSA PSS signature * Add cl * PR feedback |
||
|---|---|---|
| .. | ||
| databases | ||
| identity | ||
| key-management | ||
| kv | ||
| pki | ||
| ssh | ||
| transform | ||
| transit | ||
| ad.mdx | ||
| alicloud.mdx | ||
| aws.mdx | ||
| azure.mdx | ||
| consul.mdx | ||
| cubbyhole.mdx | ||
| gcp.mdx | ||
| gcpkms.mdx | ||
| index.mdx | ||
| kmip.mdx | ||
| kubernetes.mdx | ||
| mongodbatlas.mdx | ||
| nomad.mdx | ||
| openldap.mdx | ||
| rabbitmq.mdx | ||
| terraform.mdx | ||
| totp.mdx | ||
| venafi.mdx | ||