<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Received verbal ack from jmagne.</p>
    <p>pushed to master:</p>
    <p>commit 380f7fda040cc5d394e34eead45ebb921532cc07<br>
    </p>
    <p>thanks,</p>
    <p>Christina<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 06/05/2017 09:03 AM, Christina Fu
      wrote:<br>
    </div>
    <blockquote
      cite="mid:9f70032d-3185-4bf9-b5b7-67096d0bafb7@redhat.com"
      type="cite">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <p>This patch adds the missing revocation check (and possibly
        validity check) to</p>
      <p><a moz-do-not-send="true" class="moz-txt-link-freetext"
          href="https://pagure.io/dogtagpki/issue/2617">https://pagure.io/dogtagpki/issue/2617</a>
        <span id="issuetitle">Allow CA to process pre-signed CMC
          non-signing certificate requests</span></p>
      <p><span id="issuetitle">The code that CMCUserSignedAuth
          originated from, CMCAuth, has a confusing comment where it
          states:</span></p>
      <p><span id="issuetitle">// verify signer's certificate using the
          revocator<br>
          right above the CryptoManager.isCertValid() call.  Which
          mislead me into believing that the call checks for revocation
          status.</span></p>
      <p><span id="issuetitle">During work for CMC revocation (upcoming
          patch), I found out that is not entirely the case.  The call
          does not check for revocation status when I used a revoked
          cert to sign the cmc request.  I am adding revocation and
          validity checks to make sure that the check is more complete.</span></p>
      <p><span id="issuetitle">thanks,</span></p>
      <p><span id="issuetitle">Christina<br>
        </span></p>
    </blockquote>
    <br>
  </body>
</html>