From b6967fb02ef5f8ca83640462106378c24ef2a298 Mon Sep 17 00:00:00 2001 From: "pyca-boringbot[bot]" Date: Sun, 7 Jun 2026 10:45:05 +0000 Subject: [PATCH 1/2] Bump x509-limbo and/or wycheproof in CI --- .github/actions/fetch-vectors/action.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/fetch-vectors/action.yml b/.github/actions/fetch-vectors/action.yml index 7c0402f527d1..57114e465b8a 100644 --- a/.github/actions/fetch-vectors/action.yml +++ b/.github/actions/fetch-vectors/action.yml @@ -9,14 +9,14 @@ runs: with: repository: "C2SP/wycheproof" path: "wycheproof" - # Latest commit on the wycheproof main branch, as of Jun 06, 2026. - ref: "55239189a3ebaa1b0d993c52ab182eea3adbcd02" # wycheproof-ref + # Latest commit on the wycheproof main branch, as of Jun 07, 2026. + ref: "6d7cccd0fcb1917368579adeeac10fe802f1b521" # wycheproof-ref persist-credentials: false - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: "C2SP/x509-limbo" path: "x509-limbo" - # Latest commit on the x509-limbo main branch, as of June 6, 2026. - ref: "8e1700f79ade7df528c483aa62410c769c828a4d" # x509-limbo-ref + # Latest commit on the x509-limbo main branch, as of Jun 07, 2026. + ref: "1983423436313a6605461056470e21242d066416" # x509-limbo-ref persist-credentials: false From 70eece5fda8f243be3420b74654038c674c3e6fc Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 7 Jun 2026 07:14:10 -0700 Subject: [PATCH 2/2] fix typo --- tests/x509/verification/test_limbo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/x509/verification/test_limbo.py b/tests/x509/verification/test_limbo.py index 5f294a453c54..97b092bc3520 100644 --- a/tests/x509/verification/test_limbo.py +++ b/tests/x509/verification/test_limbo.py @@ -79,7 +79,7 @@ "webpki::aki::root-with-aki-all-fields", # We allow RSA keys that aren't divisible by 8, which is technically # forbidden under CABF. No other implementation checks this either. - "webpki::forbidden-rsa-not-divisable-by-8-in-root", + "webpki::forbidden-rsa-not-divisible-by-8-in-root", # We disallow CAs in the leaf position, which is explicitly forbidden # by CABF (but implicitly permitted under RFC 5280). This is consistent # with what webpki and rustls do, but inconsistent with Go and OpenSSL.