Skip to content

Fix factory provisioned cert detection to catch "really old" certs#85

Merged
copybara-service[bot] merged 1 commit into
mainfrom
test_930160291
Jun 11, 2026
Merged

Fix factory provisioned cert detection to catch "really old" certs#85
copybara-service[bot] merged 1 commit into
mainfrom
test_930160291

Conversation

@copybara-service

@copybara-service copybara-service Bot commented Jun 11, 2026

Copy link
Copy Markdown

Fix factory provisioned cert detection to catch "really old" certs

Factory certificates changed format at some point between 2016 and 2021,
which breaks the "isFactoryProvisioned" check.

Make the check a bit more lax so that we consider more cert types as
factory provisioned. This is safe because we are not relaxing the
isRemoteProvisioned check at all, and that is the check that attackers
want to spoof.

@sethmoo @copybara-github
Fix factory provisioned cert detection to catch "really old" certs
7f99055 
Factory certificates changed format at some point between 2016 and 2021,
which breaks the "isFactoryProvisioned" check.

Make the check a bit more lax so that we consider more cert types as
factory provisioned. This is safe because we are not relaxing the
isRemoteProvisioned check at all, and that is the check that attackers
want to spoof.

PiperOrigin-RevId: 930722556
@copybara-service copybara-service Bot merged commit 7f99055 into main Jun 11, 2026
@copybara-service copybara-service Bot deleted the test_930160291 branch June 11, 2026 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sethmoo