s2n-tls

feat: add key preferences to rfc9151 policy

Open jmayclin opened this issue 1 year ago • 0 comments

Resolved issues:

#4294

Description of changes:

This updates the RFC9151 named policy to include key preferences and also apply to local certificates. This is a behavior change.

current behavior

  • certs received over the wire must use a specified certificate signature preference
  • roots of trust must use a specified certificate signature preference

new additional behaviors

  • certs received over the wire must use a specified certificate key preference
  • roots of trust must use a specified certificate key preference
  • certs loaded on a config must use a specified certificate signature preference
  • certs loaded on a config must use a specified certificate key preference

Call-outs:

This PR also includes some unit test cleanup now that we can directly use the RFC9151 policy.

Testing:

All existing CI should pass.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

jmayclin, May 02 '24 22:05
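Because the policy now also applies to certificates loaded on a config, a pre-flight check of local certificates is useful before adopting it. The script below is an added example, not code from this PR or from s2n-tls: `audit_cert`, `field` and `make_cert` are hypothetical helpers, and the acceptance criteria are an assumption taken from RFC 9151 (ECDSA P-384 or RSA of at least 3072 bits, signed with SHA-384), not s2n-tls's own preference lists. It assumes the OpenSSL command-line tool is installed.

```shell
#!/bin/sh
# Added example: check a PEM certificate against RFC 9151 (CNSA) key and
# signature requirements before loading it on a config that uses the policy.
# Assumption: criteria come from RFC 9151 (ECDSA P-384 or RSA >= 3072,
# signed with SHA-384), not from s2n-tls's own preference lists.
# RSA-PSS signatures are not handled here and are reported as rejected.

field() { # field TEXT SED_EXPR -> first matching value
    printf '%s\n' "$1" | sed -n "$2" | head -n 1
}

audit_cert() { # audit_cert FILE -> prints "ok" or "reject: <reason>"
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "reject: unreadable certificate"; return 1; }
    # The first "Signature Algorithm" line is the signature on this cert.
    sig=$(field "$text" 's/^ *Signature Algorithm: *//p')
    alg=$(field "$text" 's/^ *Public Key Algorithm: *//p')
    bits=$(field "$text" 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    curve=$(field "$text" 's/^ *ASN1 OID: *//p')

    case "$alg" in
        id-ecPublicKey)
            [ "$curve" = "secp384r1" ] || {
                echo "reject: key curve ${curve:-unknown}"; return 1; } ;;
        rsaEncryption)
            [ "${bits:-0}" -ge 3072 ] || {
                echo "reject: key size ${bits:-unknown}"; return 1; } ;;
        *)  echo "reject: key type ${alg:-unknown}"; return 1 ;;
    esac
    case "$sig" in
        ecdsa-with-SHA384|sha384WithRSAEncryption) echo "ok" ;;
        *)  echo "reject: signature ${sig:-unknown}"; return 1 ;;
    esac
}

# Constructed sample input: a throwaway self-signed EC certificate.
make_cert() { # make_cert CURVE HASH OUTFILE
    openssl req -x509 -newkey ec -pkeyopt "ec_paramgen_curve:$1" "-$2" \
        -nodes -subj "/CN=constructed.example" -days 1 \
        -keyout "$3.key" -out "$3" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_cert P-256 sha256 "$d/a.pem"; audit_cert "$d/a.pem"
    make_cert P-384 sha256 "$d/b.pem"; audit_cert "$d/b.pem"
    make_cert P-384 sha384 "$d/c.pem"; audit_cert "$d/c.pem"
    rm -rf "$d"
fi
```

Run with `--demo` to see one accepted and two rejected constructed certificates; the key check runs first, so a certificate failing both checks reports only the key reason.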