[Pki-devel] [PATCH] Ticket-2617-part2-add-revocation-check-to-signing-ce.patch

Christina Fu cfu at redhat.com
Mon Jun 5 18:22:39 UTC 2017


Received verbal ack from jmagne.

pushed to master:

commit 380f7fda040cc5d394e34eead45ebb921532cc07

thanks,

Christina


On 06/05/2017 09:03 AM, Christina Fu wrote:
>
> This patch adds the missing revocation check (and possibly validity 
> check) to
>
> https://pagure.io/dogtagpki/issue/2617 Allow CA to process pre-signed 
> CMC non-signing certificate requests
>
> The code that CMCUserSignedAuth originated from, CMCAuth, has a 
> confusing comment where it states:
>
> // verify signer's certificate using the revocator
> right above the CryptoManager.isCertValid() call, which misled me 
> into believing that the call checks for revocation status.
>
> During work for CMC revocation (upcoming patch), I found out that is 
> not entirely the case.  The call does not check for revocation status 
> when I used a revoked cert to sign the CMC request.  I am adding 
> revocation and validity checks to make sure that the check is more 
> complete.
>
> thanks,
>
> Christina
>
