Skip to content

Make CertLoader reject duplicate attributes #104344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 4, 2024
Merged

Make CertLoader reject duplicate attributes #104344

merged 3 commits into from
Jul 4, 2024

Conversation

@bartonjs
Copy link
Member

@bartonjs bartonjs commented Jul 3, 2024

The new Pkcs12 loader will now reject duplicate attributes, either as multiple attribute sets, or a set with multiple values.

The LoaderLimits type gains an option to disable this filter, but as of now it is not being made into public API (though the tests show how to get at it anyways, by the cloning behavior on DangerousNoLimits).

This change also fixes the over-filtering of the MachineKey attribute, and adds tests for how that behaves under DefaultKeySet.

Fixes #103924

@bartonjs
Make CertLoader reject duplicate attributes
9ada73a 
The new Pkcs12 loader will now reject duplicate attributes,
either as multiple attribute sets, or a set with multiple values.

The LoaderLimits type gains an option to disable this filter, but
as of now it is not being made into public API (though the tests
show how to get at it anyways, by the cloning behavior on
DangerousNoLimits).

This change also fixes the over-filtering of the MachineKey attribute,
and adds tests for how that behaves under DefaultKeySet.
@bartonjs bartonjs added this to the 9.0.0 milestone Jul 3, 2024
@bartonjs bartonjs self-assigned this Jul 3, 2024
@dotnet-policy-service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

This was referenced Jul 3, 2024
Closed
Closed
@build-analysis build-analysis bot mentioned this pull request Jul 4, 2024
Closed
@bartonjs bartonjs merged commit 6f9076c into dotnet:main Jul 4, 2024
@bartonjs bartonjs deleted the pfx_dupattrs branch July 4, 2024 04:21
@github-actions github-actions bot locked and limited conversation to collaborators Aug 3, 2024
@bartonjs bartonjs added cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. tracking-external-issue The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly tracking This issue is tracking the completion of other related issues. and removed tracking-external-issue The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly labels Sep 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@vcsjones vcsjones vcsjones approved these changes

Assignees

@bartonjs bartonjs

Labels

area-System.Security cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. tracking This issue is tracking the completion of other related issues.

Projects

None yet

Milestone

9.0.0

Development

Successfully merging this pull request may close these issues.

Decide on a policy for duplicate attributes on PKCS12 values

2 participants

@bartonjs @vcsjones