Support Windows SCEP request certificates on Go 1.23 #28
Conversation
| @@ -0,0 +1,45 @@ | |||
| //go:build go1.23 | |||
There was a problem hiding this comment.
Considering the build matrix in ci.yml would this file every be executed during our builds?
There was a problem hiding this comment.
Not in our CI, atm, no. But it works on my machine 😄
There was a problem hiding this comment.
Sure but maybe expand the matrix to include these later Go versions that we are interested in?
There was a problem hiding this comment.
Absolutely, but that's why I called out #13 in the OP. There are some more things to fix before we can do so.
There was a problem hiding this comment.
Maybe just add Go 1.23 then? Or it will break the build if you add it?
There was a problem hiding this comment.
I'll try, but my guess is it breaks, yes
pkcs7.go
Outdated
| // if it fails on the above case, it'll retry parsing the certificates using a | ||
| // copy of the crypto/x509 package based on Go 1.23, but skips checking the | ||
| // authority key identifier extension being critical or not. | ||
| var EnableFallbackLegacyX509CertificateParser bool |
There was a problem hiding this comment.
Perhaps a function that sets/unsets an atomic bit might be better here, instead of a global.
parse_go1.23_test.go
Outdated
| p7, err = Parse(data) | ||
| if err != nil { | ||
| t.Errorf("failed parsing SCEP request data with legacy X509 certificate parser enabled: %v", err) | ||
| } | ||
| EnableFallbackLegacyX509CertificateParser(false) | ||
| SetFallbackLegacyX509CertificateParserEnabled(false) |
There was a problem hiding this comment.
If an error happens, you won't switch it back for the other tests. Perhaps do this in cleanup.
Scratch the above. It's Errorf & not Fatalf.
hslatman
deleted the
herman/support-windows-scep-request-certificates
branch
Notable changes:
SetFallbackLegacyX509CertificateParserEnabledto enable parsing using the "legacy"crypto/x509certificate parser upon failure to parse using the version the code is compiled with.legacyx509package, which contains parts of the Gocrypto/x509stdlib at 1.23, specifically the parts required to parse X509 certificates.x509.CertificateWe can likely add the removed parts back when the package as a whole requires a new Go version.