Received verbal ack from jmagne.

pushed to master:

commit 380f7fda040cc5d394e34eead45ebb921532cc07

thanks,

Christina


On 06/05/2017 09:03 AM, Christina Fu wrote:

This patch adds the missing revocation check (and possibly validity check) to

https://pagure.io/dogtagpki/issue/2617 Allow CA to process pre-signed CMC non-signing certificate requests

The code that CMCUserSignedAuth originated from, CMCAuth, has a confusing comment where it states:

// verify signer's certificate using the revocator
right above the CryptoManager.isCertValid() call, which misled me into believing that the call checks for revocation status.

During work for CMC revocation (upcoming patch), I found out that is not entirely the case. The call did not check for revocation status when I used a revoked cert to sign the CMC request. I am adding revocation and validity checks to make sure that the check is more complete.

thanks,

Christina