Skip to content

Fix MITM CA generation for Azure CLI trust#82

Merged
jimpudar merged 1 commit into
mainfrom
jmp/fix-azure-cli-ca-trust
Jun 3, 2026
Merged

Fix MITM CA generation for Azure CLI trust#82
jimpudar merged 1 commit into
mainfrom
jmp/fix-azure-cli-ca-trust

Conversation

@jimpudar

@jimpudar jimpudar commented Jun 3, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add SKI and AKI to the per-instance MITM CA so stricter Python/OpenSSL verification accepts it.
  • Repair legacy per-instance CA certs on startup and force reprovision when the CA changes.
  • Add regression coverage for legacy CA repair and keep the existing spy path on the current cert format.

Testing

  • Unit tests passed for the rootcell suite, including the new CA repair regression.
  • Full Vitest unit project passed.

@jimpudar jimpudar force-pushed the jmp/fix-azure-cli-ca-trust branch from b432ed8 to acd52ef Compare June 3, 2026 10:19
@jimpudar jimpudar force-pushed the jmp/fix-azure-cli-ca-trust branch from acd52ef to 57524da Compare June 3, 2026 10:23
@jimpudar jimpudar merged commit 1063201 into main Jun 3, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jimpudar