Received verbal ack from jmagne.
Pushed to master:
commit 380f7fda040cc5d394e34eead45ebb921532cc07
thanks,
Christina
On 06/05/2017 09:03 AM, Christina Fu wrote:
This patch adds the missing revocation check (and possibly validity check) to
https://pagure.io/dogtagpki/issue/2617 Allow CA to process pre-signed CMC non-signing certificate requests
The code that CMCUserSignedAuth originated from, CMCAuth, has a
confusing comment where it states:
// verify signer's certificate using the revocator
right above the CryptoManager.isCertValid() call, which misled me
into believing that the call checks for revocation status.
During work for CMC revocation (upcoming patch), I found out that is
not entirely the case. The call does not check for revocation status
when I used a revoked cert to sign the CMC request. I am adding
revocation and validity checks to make sure that the check is more
complete.
thanks,
Christina