- provide PINpolicy always to piv-go to avoid trying to use attestation cert, which we might not have

- bump piv-go version to 1.6.0
This commit is contained in:
Pierre Laden 2020-09-16 21:59:48 +02:00
parent 946aedca92
commit 179e793f1a
2 changed files with 2 additions and 1 deletions

2
go.mod
View file

@ -7,7 +7,7 @@ require (
github.com/Masterminds/sprig/v3 v3.1.0 github.com/Masterminds/sprig/v3 v3.1.0
github.com/aws/aws-sdk-go v1.30.29 github.com/aws/aws-sdk-go v1.30.29
github.com/go-chi/chi v4.0.2+incompatible github.com/go-chi/chi v4.0.2+incompatible
github.com/go-piv/piv-go v1.5.0 github.com/go-piv/piv-go v1.6.0
github.com/googleapis/gax-go/v2 v2.0.5 github.com/googleapis/gax-go/v2 v2.0.5
github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a // indirect github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a // indirect
github.com/lunixbochs/vtclean v1.0.0 // indirect github.com/lunixbochs/vtclean v1.0.0 // indirect

View file

@ -142,6 +142,7 @@ func (k *YubiKey) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, e
priv, err := k.yk.PrivateKey(slot, cert.PublicKey, piv.KeyAuth{ priv, err := k.yk.PrivateKey(slot, cert.PublicKey, piv.KeyAuth{
PIN: k.pin, PIN: k.pin,
PINPolicy: piv.PINPolicyAlways,
}) })
if err != nil { if err != nil {
return nil, errors.Wrap(err, "error retrieving private key") return nil, errors.Wrap(err, "error retrieving private key")