You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I produced a handful of signing certificates from GitHub workflows, and wanted to extract some context information from the OID extensions. It seems like the trigger and SHA are mixed up:
Description
I produced a handful of signing certificates from GitHub workflows, and wanted to extract some context information from the OID extensions. It seems like the trigger and SHA are mixed up:
has the extensions:
but I expect the trigger to be defined at
1.3.6.1.4.1.57264.1.2
and sha to be at1.3.6.1.4.1.57264.1.3
.As far as I can tell, the code extracts the correct claims, and the correct pkix.Extensions are added, so I'm very confused why this is happening!
refs:
https://github.com/sigstore/fulcio/blob/c74e2cfb763dd32def5dc921ff49f579fa262d96/docs/oid-info.md#1361415726412--github-workflow-trigger
The text was updated successfully, but these errors were encountered: