if at the ra an invalid certificate is used:
Certificate Request Successfully approved.
Signature: The PKCS#7-object signals an error. The signature is not valid.
PKCS#7-Error 7932021: OpenCA::PKCS7->parseDepth: The chain is not complete.
so the request gets approved - the ca shows me ok invalid signator
or better an error is there...
but shouldn't it get approved at all - so it just don't get send to the
ca for further processing?
(for expired, suspended and revoked certs the behavior is at the
momment, to stop processing and throw an error, so one with an invalid
cert can't move an request to an approved state)
and someone with an not trusted cert shouldn't be able too
at least my idea of how the process should be handled ;o)
greetings
dalini
--
Ives Steglich Email: [EMAIL PROTECTED]
System Administration Tel.: +49 (0)3677 - 69 4382/4383
Fax: +49 (0)3677 - 69 4399
Fraunhofer Institute for Digital Media Technology
Langewiesener Strasse 22
98693 Ilmenau Email (private): [EMAIL PROTECTED]
Germany http://www.openca.org
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
