Skip to content

feat: x509 signed commits using openssl

Roger Meier requested to merge siemens/gitlab:feat/x509-signed-commits into master

What does this MR do?

This MR provides basic support for x509 signed commits as proposed within #24512 (closed) and #29782 (closed).

Main difference in comparision to gpg:

  • trust anchor is the certificate authority not a verified key
  • no specific key uploaded by the user
  • verification status could be one of the following
    • verified: email within x509 certificate equals committer email and ca is trusted
    • unverified: email within x509 certificate does not match committer email or ca is not trusted or signature invalid
  • verification can be done using plain OpenSSL functionality or via gpgsm
    • my initial approach was using gpgsm, however the formats and concepts of x509 and gpg keys differ heavily and requires a lot of workarounds when using gpgsm, beside of the additional complexity at the code level gpp does require a lot of local configuration. This will make it error prone and reduce the operatability significantly
    • the openssl native approach is much simpler from an implementation, maintenance and operations point of view


Further reading:

The MR we made to introduce GPG signed commits within GitLab:

Samples of SMIME signed commits:

🔧 with at Siemens

/cc @dlouzan @henning-schild





Does this MR meet the acceptance criteria?


Performance and Testing


If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by 🤖 GitLab Bot 🤖

Merge request reports