Enrollment certificates should have their own key name |
||||
Issue descriptionEnrollment and machine certificates share the same key name, "attest-ent-machine" which was fine when enrollment certs were only requested before machine certs were, but introduces bad behavior (such as requesting an enrollment cert after a machine cert and being handed the machine cert) otherwise.
,
Jan 3 2018
,
Jan 9 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/45255b6155dfcbe09256f6149d8ce9818340322c commit 45255b6155dfcbe09256f6149d8ce9818340322c Author: Yves Arrouye <drcrash@google.com> Date: Tue Jan 09 02:50:16 2018 Use a specific key name for enterprise enrollment certificates Up to now we only needed an enrollment certificate before we would request a machine certificate so using the same key name for both worked since the machine certificate was requested after any enrollment one, and would be generated with a new key. However with automatic re-enrollment we can request an enrollment certificate after obtaining a machine one. Without a distinct key name, a request for an enrollment certificate may in fact return the latter requested machine certificate. BUG= chromium:798872 TEST=chromeos_unittests Change-Id: Iec64b3cb210c6f75ce3cbca11ec4315874926f52 Reviewed-on: https://chromium-review.googlesource.com/847943 Reviewed-by: Alexander Alekseev <alemate@chromium.org> Commit-Queue: Yves Arrouye <drcrash@chromium.org> Cr-Commit-Position: refs/heads/master@{#527878} [modify] https://crrev.com/45255b6155dfcbe09256f6149d8ce9818340322c/chromeos/attestation/attestation_constants.cc [modify] https://crrev.com/45255b6155dfcbe09256f6149d8ce9818340322c/chromeos/attestation/attestation_constants.h [modify] https://crrev.com/45255b6155dfcbe09256f6149d8ce9818340322c/chromeos/attestation/attestation_flow.cc [modify] https://crrev.com/45255b6155dfcbe09256f6149d8ce9818340322c/chromeos/attestation/attestation_flow_unittest.cc
,
Jan 9 2018
,
Jan 17 2018
|
||||
►
Sign in to add a comment |
||||
Comment 1 by drcrash@chromium.org
, Jan 3 2018