DecodeChain assumes the certificate chain order is from the leaf to root #54

Open
magodo opened this issue Nov 10, 2023 · 0 comments

magodo commented Nov 10, 2023

I'm new to the cryptography area, and I'd like to post a stupid question here.

I'm using this package to decode a pfx exported from Azure Key Vault, where the PEM blocks after decoding are in the order of: private key -> root cert -> intermediary cert -> leaf cert. DecodeChain returns the root cert as the certificate.

The document of this function clearly states that:

The first certificate is assumed to be the leaf certificate, and subsequent certificates, if any, are assumed to comprise the CA certificate chain.

It is obvious that I can manually tweak the returned certificate and caCerts, as I already know my pfx is in the reverse of the order expected by this API. However, I'd like to see if there is an idiomatic way to achieve this. Even better, is there a way I can tell which order the current pfx is in, and conditionally apply the order reversing? Does it make sense to embed the above ordering logic into this API so that it can handle both orders?
