[Pki-devel] [PATCH] Ticket-2617-part2-add-revocation-check-to-signing-ce.patch

Christina Fu cfu at redhat.com
Mon Jun 5 16:03:14 UTC 2017


This patch adds the missing revocation check (and possibly validity check) to

https://pagure.io/dogtagpki/issue/2617 Allow CA to process pre-signed CMC non-signing certificate requests

The code that CMCUserSignedAuth originated from, CMCAuth, has a 
confusing comment where it states:

// verify signer's certificate using the revocator
right above the CryptoManager.isCertValid() call, which misled me into 
believing that the call checks for revocation status.

During work for CMC revocation (upcoming patch), I found out that is not 
entirely the case.  The call does not check for revocation status when I 
used a revoked cert to sign the CMC request.  I am adding revocation and 
validity checks to make sure that the check is more complete.

thanks,

Christina

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Ticket-2617-part2-add-revocation-check-to-signing-ce.patch
Type: text/x-patch
Size: 4340 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20170605/aec15fd0/attachment.bin>

