Re: [PATCH06/17] PKCS#7: Verify internal certificate chain

From: Valdis . Kletnieks
Date: Thu Jul 10 2014 - 13:08:28 EST

On Wed, 09 Jul 2014 16:16:04 +0100, David Howells said:
> Verify certificate chain in the X.509 certificates contained within the PKCS#7
> message as far as possible. If any signature that we should be able to verify
> fails, we reject the whole lot.

What happens if we see a signature that we shouldn't be able to verify? Or should
that changelog entry be reduced to "If any signature fails", period?

Attachment: pgpGZxDm1_Rxy.pgp
Description: PGP signature