Skip to content
This repository has been archived by the owner on Aug 2, 2023. It is now read-only.

Golang: logclient does not check signature of STH #1114

Open
dndx opened this issue Feb 17, 2016 · 1 comment
Open

Golang: logclient does not check signature of STH #1114

dndx opened this issue Feb 17, 2016 · 1 comment

Comments

@dndx
Copy link

dndx commented Feb 17, 2016

Currently the Golang logclient does not check the the signature returned by the /ct/v1/get-sth as defined in RFC 6962 section 4.3.

Seems that there is already a function SignatureVerifier.VerifySTHSignature() in signatures.go that can be used to check the signature of a STH, just need to integrate it with logclient to actually check the sig.

Related to this, getConsistencyProofResponse, getAuditProofResponse and getEntryAndProofResponse should probably be checking against STH for integrity as well.
@gdbelvin gdbelvin mentioned this issue Jun 6, 2016
Closed
5 tasks
@rolandshoemaker
Copy link
Contributor

Fixed by #1316.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dndx @rolandshoemaker