Verify certificates by issuer regex #234

steiza · 2024-07-16T15:31:13Z

Description

When we verify certificates, today we accept:

An issuer string (e.g. https://token.actions.githubusercontent.com/)
A SAN string (the user or workload identity used in the certificate)
A SAN regex (in case you want to support a range of SAN strings)

Noticeably absent is an issuer regex, which is a feature supported by cosign. We should consider adding this capability to sigstore-go.

See #229 (comment) for the initial discussion.

The text was updated successfully, but these errors were encountered:

For #234 Signed-off-by: Zach Steindler <steiza@github.com>

…ion (#236) For #234 --------- Signed-off-by: Zach Steindler <steiza@github.com>

steiza added enhancement New feature or request v1.0 items we want to consider for a v1.0 release labels Jul 16, 2024

steiza mentioned this issue Jul 16, 2024

Updates for SAN parsing #229

Merged

steiza self-assigned this Jul 18, 2024

steiza added a commit that referenced this issue Jul 18, 2024

Add the ability to specify certificate identity via a regular expression

7c0ed51

For #234 Signed-off-by: Zach Steindler <steiza@github.com>

steiza mentioned this issue Jul 18, 2024

Add the ability to specify certificate identity via a regular expression #236

Merged

steiza closed this as completed in #236 Jul 24, 2024

steiza added a commit that referenced this issue Jul 24, 2024

Add the ability to specify certificate identity via a regular express…

a808341

…ion (#236) For #234 --------- Signed-off-by: Zach Steindler <steiza@github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Verify certificates by issuer regex #234

Verify certificates by issuer regex #234

steiza commented Jul 16, 2024

Verify certificates by issuer regex #234

Verify certificates by issuer regex #234

Comments

steiza commented Jul 16, 2024