[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pkcs1-pad self-check fails?
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: pkcs1-pad self-check fails? |
|
Date: |
Tue, 16 Mar 2010 22:43:00 +0100 |
|
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Simon Josefsson wrote:
> Thanks. I think the problem is that the PKIX chain used to be rejected
> (in 2.8.x) because the signature validation fails, but now the entire
> chain is accepted. Presumably the particular signature is no longer
> validated. That could be wrong, or there is a problem in that self
> test.
I cannot understand why this chain shouldn't be validated... What was
the reason for the test? It is now accepted because the verification
procedure detects the same certificate being verified and trusted and
thus considers it ok.
As a side-effect I noticed that that gnutls_x509_crt_verify() behaves
different than gnutls_x509_crt_list_verify() - i.e. no date checks,
which shouldn't occur.
regards,
Nikos
- pkcs1-pad self-check fails?, Simon Josefsson, 2010/03/16
- Re: pkcs1-pad self-check fails?, Nikos Mavrogiannopoulos, 2010/03/16
- Re: pkcs1-pad self-check fails?, Simon Josefsson, 2010/03/16
- Re: pkcs1-pad self-check fails?, Simon Josefsson, 2010/03/17
- Re: pkcs1-pad self-check fails?, Nikos Mavrogiannopoulos, 2010/03/17
- Re: pkcs1-pad self-check fails?, Simon Josefsson, 2010/03/17
- Re: pkcs1-pad self-check fails?, Nikos Mavrogiannopoulos, 2010/03/17
- Re: pkcs1-pad self-check fails?, Simon Josefsson, 2010/03/17
- datefudge and faketime [was: Re: pkcs1-pad self-check fails?], Daniel Kahn Gillmor, 2010/03/17
- Re: datefudge and faketime, Simon Josefsson, 2010/03/18
- Re: datefudge and faketime, Andreas Metzler, 2010/03/18
- Re: datefudge and faketime, Simon Josefsson, 2010/03/21