[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkcs1-pad self-check fails?

From: Nikos Mavrogiannopoulos
Subject: Re: pkcs1-pad self-check fails?
Date: Tue, 16 Mar 2010 22:43:00 +0100
User-agent: Thunderbird (X11/20090817)

Simon Josefsson wrote:

> Thanks.  I think the problem is that the PKIX chain used to be rejected
> (in 2.8.x) because the signature validation fails, but now the entire
> chain is accepted.  Presumably the particular signature is no longer
> validated.  That could be wrong, or there is a problem in that self
> test.

I cannot understand why this chain shouldn't be validated... What was
the reason for the test? It is now accepted because the verification
procedure detects the same certificate being verified and trusted and
thus considers it ok.

As a side-effect I noticed that that gnutls_x509_crt_verify() behaves
different than gnutls_x509_crt_list_verify() - i.e. no date checks,
which shouldn't occur.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]