Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve device certificate chain validation #13071

Closed
andrewkozlik opened this issue Jun 25, 2024 · 1 comment · Fixed by #13173
Closed

Improve device certificate chain validation #13071

andrewkozlik opened this issue Jun 25, 2024 · 1 comment · Fixed by #13173
Assignees
@szymonlesisz

Comments

@andrewkozlik
Copy link
Contributor

In the device authenticity check implement the same device certificate chain validations as in trezorlib. Namely those in is_issued_by() and _check_ca_extensions() in [1].

[1] Trezorlib function: https://github.com/trezor/trezor-firmware/blob/main/python/src/trezorlib/authentication.py.
[2] Original feature pull request: #9315
[3] Related trezor-firmware pull request: trezor/trezor-firmware#3944
@github-project-automation github-project-automation bot moved this to 🎯 To do in Suite Desktop Jun 25, 2024
@MiroslavProchazka
Copy link
Contributor

cc @peter-sanderson

@szymonlesisz szymonlesisz mentioned this issue Jul 3, 2024
Merged
@github-project-automation github-project-automation bot moved this from 🎯 To do to 🤝 Needs QA in Suite Desktop Jul 19, 2024
@STew790 STew790 moved this from 🤝 Needs QA to ✅ Approved in Suite Desktop Aug 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@szymonlesisz szymonlesisz

Labels
None yet
Projects
Suite Desktop
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(connect): authenticateDevice verify CA cert extensions trezor/trezor-suite
3 participants
@szymonlesisz @andrewkozlik @MiroslavProchazka