Don't fail open in VerifyBundle

This code path succeeding and bypassing all future checks worries me greatly, and I can't find any documentation nor explanation for why that is necessary, so let's close this avenue and see what breaks. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
sigstore · Apr 22, 2022 · a27ad0f · a27ad0f
1 parent 3c2084c
commit a27ad0f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/cosign/verify.go b/pkg/cosign/verify.go
@@ -753,7 +753,7 @@ func VerifyBundle(ctx context.Context, sig oci.Signature) (bool, error) {
 	if err != nil {
 		return false, err
 	} else if cert == nil {
-		return true, nil
+		return false, errors.New("signature does not include a certificate")
 	}
 
 	// verify the cert against the integrated time