<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>This patch adds the missing revocation check (and possibly
validity check) to</p>
<p><a class="moz-txt-link-freetext" href="https://pagure.io/dogtagpki/issue/2617">https://pagure.io/dogtagpki/issue/2617</a> <span id="issuetitle">Allow
CA to process pre-signed CMC non-signing certificate requests</span></p>
<p><span id="issuetitle">The code that CMCUserSignedAuth originated
from, CMCAuth, has a confusing comment where it states:</span></p>
<p><span id="issuetitle">// verify signer's certificate using the
revocator<br>
right above the CryptoManager.isCertValid() call. Which mislead
me into believing that the call checks for revocation status.</span></p>
<p><span id="issuetitle">During work for CMC revocation (upcoming
patch), I found out that is not entirely the case. The call
does not check for revocation status when I used a revoked cert
to sign the cmc request. I am adding revocation and validity
checks to make sure that the check is more complete.</span></p>
<p><span id="issuetitle">thanks,</span></p>
<p><span id="issuetitle">Christina<br>
</span></p>
</body>
</html>