Skip to content

support for RSA-signed certificate chains and non-standard signing algorithms #1544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bdehamer merged 4 commits into from
Dec 19, 2025
Merged

support for RSA-signed certificate chains and non-standard signing algorithms #1544

bdehamer merged 4 commits into from
Dec 19, 2025

Conversation

@bdehamer
Copy link
Collaborator

@bdehamer bdehamer commented Dec 18, 2025
edited
Loading

Resolves #1507
Original PR #1508 opened by @imundra

Summary

Hey yall! I'm working on a software team that's looking to adopt sigstore for signing/verification of artifacts internally. We were able to fly through the signing and verification using the Go module but were running into issues verifying using the JS library for the same bundles that were able to be verified by sigstore-go.

In this PR, I'm looking to add support for verification of more complex/non-standard certificates that were used to sign and generate bundles to cover more of our internal PKI use cases 🙂. Let me know if there are any concerns/questions!

Release Note

  • Adding support for verification of more complex/non-standard certificates that were used to sign and generate bundles

@bdehamer bdehamer requested a review from a team as a code owner December 18, 2025 23:44
@changeset-bot
Copy link

changeset-bot bot commented Dec 18, 2025
edited
Loading

🦋 Changeset detected

Latest commit: fbfa39e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@sigstore/core Minor
@sigstore/verify Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@bdehamer bdehamer mentioned this pull request Dec 18, 2025
Closed
@bdehamer bdehamer force-pushed the bdehamer/expand-bundle-verification-support branch 2 times, most recently from 042361e to dce442f Compare December 19, 2025 16:07
imundra and others added 4 commits December 19, 2025 08:10
@bdehamer bdehamer force-pushed the bdehamer/expand-bundle-verification-support branch from dce442f to fbfa39e Compare December 19, 2025 16:10
ejahnGithub
ejahnGithub approved these changes Dec 19, 2025
View reviewed changes
Copy link
Contributor

@ejahnGithub ejahnGithub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@bdehamer bdehamer merged commit 5ffadc0 into main Dec 19, 2025
23 checks passed
@bdehamer bdehamer deleted the bdehamer/expand-bundle-verification-support branch December 19, 2025 16:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ejahnGithub ejahnGithub ejahnGithub approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bundle verification does not work with non-standard certificates

4 participants

@bdehamer @ejahnGithub @imundra