Re-encode Certificate in OpenSSH authorized_keys format #8
Conversation
|
For context, the main motivation here is that the OpenSSH version running on Janky boxes doesn't allow for arbitrary certificate extensions. This should get https://github.com/github/github/pull/108335 passing and clean up the test fixtures on that branch. |
|
I take that back. This isn't quite ready for review. I want to add the ability to sign a cert. |
|
Okay. This is ready for 👀 now. For what it's worth, I'm not too concerned with this code, given that it is only going to be used in tests. |
ptoomey3
left a comment
ptoomey3
left a comment
There was a problem hiding this comment.
To be frank, I've only given this a cursory review. There are a lot of additions here that I'm not terribly familiar with. If you think it is worth the time to set aside for a deeper review 👍, just let me know and I will. But, if you think it isn't terribly security-critical (as you noted, the main use case here is for test) and that the tests are good enough to have pretty strong confidence, then I'm ok with that as well.
Same as #7, but for
Certificates. The changes are mostly about cleaning up the code inEncodingand abstracting tests a bit.