<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Received verbal ack from jmagne.</p>
<p>pushed to master:</p>
<p>commit 380f7fda040cc5d394e34eead45ebb921532cc07<br>
</p>
<p>thanks,</p>
<p>Christina<br>
</p>
<br>
<div class="moz-cite-prefix">On 06/05/2017 09:03 AM, Christina Fu
wrote:<br>
</div>
<blockquote
cite="mid:9f70032d-3185-4bf9-b5b7-67096d0bafb7@redhat.com"
type="cite">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<p>This patch adds the missing revocation check (and possibly
validity check) to</p>
<p><a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://pagure.io/dogtagpki/issue/2617">https://pagure.io/dogtagpki/issue/2617</a>
<span id="issuetitle">Allow CA to process pre-signed CMC
non-signing certificate requests</span></p>
<p><span id="issuetitle">The code that CMCUserSignedAuth
originated from, CMCAuth, has a confusing comment where it
states:</span></p>
<p><span id="issuetitle">// verify signer's certificate using the
revocator<br>
right above the CryptoManager.isCertValid() call. Which
mislead me into believing that the call checks for revocation
status.</span></p>
<p><span id="issuetitle">During work for CMC revocation (upcoming
patch), I found out that is not entirely the case. The call
does not check for revocation status when I used a revoked
cert to sign the cmc request. I am adding revocation and
validity checks to make sure that the check is more complete.</span></p>
<p><span id="issuetitle">thanks,</span></p>
<p><span id="issuetitle">Christina<br>
</span></p>
</blockquote>
<br>
</body>
</html>