imundra commented Nov 25, 2025

Resolves #1507

Summary

Hey y'all! I'm working on a software team that's looking to adopt sigstore for signing/verification of artifacts internally. We were able to fly through the signing and verification using the Go module but were running into issues verifying using the JS library for the same bundles that were able to be verified by sigstore-go.

In this PR, I'm looking to add support for verification of more complex/non-standard certificates that were used to sign and generate bundles to cover more of our internal PKI use cases 🙂. Let me know if there are any concerns/questions!

Release Note

  • Adding support for verification of more complex/non-standard certificates that were used to sign and generate bundles

imundra requested a review from a team as a code owner November 25, 2025 19:26

changeset-bot bot commented Nov 25, 2025

🦋 Changeset detected

Latest commit: f42de44

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@sigstore/verify Minor
@sigstore/core Minor

imundra changed the title from "support for RSA-signed certificates and non-SHA256 algorithms" to "support for RSA-signed certificate chains and non-standard signing algorithms" Nov 25, 2025

Development

Successfully merging this pull request may close these issues.

bundle verification does not work with non-standard certificates
