MDS TOC header certificates and root certificate have changed and it's broken Fido2MetadataServiceRepository #224
Labels
enhancement
Enhancements or general improvements
Comments
This is the revised function to get the public key from cert strings that comes from the
And instead of using the const for the root cert I'm downloading it from the advertised URL:
In my local quick fix I actually embedded the root cert like the old implementation in the end.
Fixed by #225, thanks!
I had put a note in my calendar to renew our access token this week as it's going to expire next week.
First challenge was actually renewing it (web site is broken) but thankfully Yuriy Ackermann saw my Google group post and forwarded a new one on but also dropped the bomb that the root cert has changed (and I'm guessing more besides given the error below)
This is what I get if I run 2.0.1 (similar on 1.x too):
Having stepped through the code I can see that the new certs in the x5c header use RSA and not ECDsa but it's hard coded to call X509Certificate2.GetECDsaPublicKey()
I can hotfix this locally and we cache the MDS data (and fortunately in a way where it's easy to change the expiry time too) but this may bite others as they've already rolled out the changes to the TOC (on the 19th) and my current entries are cached until the 29th of April which is based on the NextUpdate value from the previous TOC.
The new root cert is here: https://secure.globalsign.com/cacert/root-r3.crt
I'll post a code snippet once I have proven it works.
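The key-type mismatch described in this issue, as an added example that is not part of the original post or the project's own code: signature verification that selects ECDsa or RSA from the x5c leaf certificate instead of assuming ECDsa. The class and method names, the fixed SHA-256 hash, and the self-signed test certificates are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class X5cKeyDemo // hypothetical name, not from the library
{
    // Verifies a JWS signature with whichever key type the x5c leaf carries.
    // Assumption: SHA-256 (RS256/ES256); real code takes the hash from the JWT "alg" header
    // and only trusts this key after the x5c chain validates to the pinned root.
    public static bool Verify(string x5cLeaf, byte[] signingInput, byte[] signature)
    {
        // x5c entries are standard base64 DER, not base64url (RFC 7515, section 4.1.6).
        using var cert = new X509Certificate2(Convert.FromBase64String(x5cLeaf));

        // Both getters return null when the certificate holds a different key type.
        using (ECDsa ec = cert.GetECDsaPublicKey())
        {
            // JWS ES* signatures are r||s, which is the format ECDsa.VerifyData expects.
            if (ec != null) return ec.VerifyData(signingInput, signature, HashAlgorithmName.SHA256);
        }
        using (RSA rsa = cert.GetRSAPublicKey())
        {
            if (rsa != null) return rsa.VerifyData(signingInput, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        throw new NotSupportedException("Unsupported key type: " + cert.PublicKey.Oid.FriendlyName);
    }

    public static void Main()
    {
        byte[] input = Encoding.ASCII.GetBytes("header.payload"); // constructed signing input
        var from = DateTimeOffset.UtcNow.AddMinutes(-5);

        // Constructed self-signed certificates standing in for the old (EC) and new (RSA) signers.
        using var ecKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        using var rsaKey = RSA.Create(2048);
        using var ecCert = new CertificateRequest("CN=constructed EC signer", ecKey, HashAlgorithmName.SHA256).CreateSelfSigned(from, from.AddDays(1));
        using var rsaCert = new CertificateRequest("CN=constructed RSA signer", rsaKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1).CreateSelfSigned(from, from.AddDays(1));

        string ecX5c = Convert.ToBase64String(ecCert.Export(X509ContentType.Cert));
        string rsaX5c = Convert.ToBase64String(rsaCert.Export(X509ContentType.Cert));

        Console.WriteLine("EC leaf:  " + Verify(ecX5c, input, ecKey.SignData(input, HashAlgorithmName.SHA256)));
        Console.WriteLine("RSA leaf: " + Verify(rsaX5c, input, rsaKey.SignData(input, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)));
    }
}
```

Selecting the key type from the certificate rather than from an attacker-controllable header field keeps the verifier tied to what the validated chain actually contains.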