Ives Steglich wrote:
if at the ra an invalid certificate is used:
Certificate Request Successfully approved.
Signature: The PKCS#7-object signals an error. The signature is not valid.
PKCS#7-Error 7932021: OpenCA::PKCS7->parseDepth: The chain is not complete.
so the request gets approved - the ca shows me ok invalid signator
or better an error is there...
but shouldn't it get approved at all - so it just don't get send to the
ca for further processing?
(for expired, suspended and revoked certs the behavior is at the
momment, to stop processing and throw an error, so one with an invalid
cert can't move an request to an approved state)
and someone with an not trusted cert shouldn't be able too
at least my idea of how the process should be handled ;o)
You are correct. So please fix it :)
Michael
--
-------------------------------------------------------------------
Michael Bell Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
(Computing Centre) Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin Email (private): [EMAIL PROTECTED]
Germany http://www.openca.org
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
