Re: [PATCH06/17] PKCS#7: Verify internal certificate chain
From: Valdis . Kletnieks
Date: Thu Jul 10 2014 - 13:08:28 EST
On Wed, 09 Jul 2014 16:16:04 +0100, David Howells said:
> Verify certificate chain in the X.509 certificates contained within the PKCS#7
> message as far as possible. If any signature that we should be able to verify
> fails, we reject the whole lot.
What happens if we see a signature that we shouldn't be able to verify? Or should
that changelog entry be reduced to "If any signature fails", period?
Description: PGP signature