[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Test failure of ‘chainverify’
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: Test failure of ‘chainverify’ |
Date: |
Thu, 11 Mar 2010 20:58:34 +0100 |
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Ludovic Courtès wrote:
> Hello,
>
> The ‘chainverify’ test currently fails with the latest libtasn1 and
> libgcrypt:
Ok it seems that the test that verifies an expired trusted certificate
fails. That is because the current code considers trusted as ultimately
trusted even for the first certificate in the chain (the previous code
did that for all except for the first one- end user).
This uncovered an issue since there was no consistent treat of the
certificates in the trusted list. I believe the current behavior is fine
and rational (trust unconditionally anything in the trusted list), but
there might be arguments for not allowing weak algorithms and expired
certificates in the trusted list (or have additional flag(s) for them).
What do you think?
regards,
Nikos
- Test failure of ‘chainverify’, Ludovic Courtès, 2010/03/11
- Re: Test failure of ‘chainverify’, Nikos Mavrogiannopoulos, 2010/03/11
- Re: Test failure of ‘chainverify’,
Nikos Mavrogiannopoulos <=
- Re: Test failure of ‘chainverify’, Ludovic Courtès, 2010/03/11
- Re: Test failure of ‘chainverify’, Tomas Mraz, 2010/03/12
- Re: Test failure of ‘chainverify’, Daniel Kahn Gillmor, 2010/03/12
- Re: Test failure of ‘chainverify’, Nikos Mavrogiannopoulos, 2010/03/14
- Re: Test failure of ‘chainverify’, Ludovic Courtès, 2010/03/14
- Re: Test failure of ‘chainverify’, Nikos Mavrogiannopoulos, 2010/03/14
- Re: Test failure of ‘chainverify’, Ludovic Courtès, 2010/03/14