Re: [PATCH06/17] PKCS#7: Verify internal certificate chain

From: Valdis . Kletnieks
Date: Thu Jul 10 2014 - 13:08:28 EST

Next message: Greg KH: "Re: [PATCHv3 2/2] Add force_epp module option for parport_pc."
Previous message: Jim Davis: "randconfig build error with next-20140710, in net/ipv4/ipconfig.c"
In reply to: David Howells: "[PATCH06/17] PKCS#7: Verify internal certificate chain"
Next in thread: David Howells: "Re: [PATCH06/17] PKCS#7: Verify internal certificate chain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 09 Jul 2014 16:16:04 +0100, David Howells said:
> Verify certificate chain in the X.509 certificates contained within the PKCS#7
> message as far as possible. If any signature that we should be able to verify
> fails, we reject the whole lot.

What happens if we see a signature that we shouldn't be able to verify? Or should
that changelog entry be reduced to "If any signature fails", period?

Attachment: pgpGZxDm1_Rxy.pgp
Description: PGP signature

Next message: Greg KH: "Re: [PATCHv3 2/2] Add force_epp module option for parport_pc."
Previous message: Jim Davis: "randconfig build error with next-20140710, in net/ipv4/ipconfig.c"
In reply to: David Howells: "[PATCH06/17] PKCS#7: Verify internal certificate chain"
Next in thread: David Howells: "Re: [PATCH06/17] PKCS#7: Verify internal certificate chain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]