Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upSupport PEMs with keyword TRUSTED CERTIFICATE #1476
Labels
Projects
Comments
raycoll
changed the title
|
I was working on #1474 and had to manually change the root cert's keyword from |
|
I tried this patch, which seemed to work immediately, but I'm not sure if this is the best approach: raycoll@6c34bb5 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem:
Openssl may generate certificate PEM files that include
TRUSTED CERTIFICATEas the PEM keyword. Currently s2n only supportsCERTIFICATEas the PEM keyword. I don't think this is a typical thing to have in a server certificate chain since it is apparently only added to certs with root trust properties, but it doesn't hurt to at least support them for TLS server purposes(s2n does not parse or on any of the properties of certificates beyond the leaf).Proposed Solution:
Allow PEMs to be parsed that use this keyword in the PEM delimiters.