Michael Bell wrote:
We are talking about different things. You are talking about signatures
i'm talking about if the approve with signing is safe or not
and it is safe - the way its coded now, since an expired cert
can't sign a request because it is catched during signature verification
so the certificate-verification code isn't reached anymore in case of an failure
before...
and an expired cert 'throws' an error
and I'm talking about certs. You can use
$db->getItem (DATATYPE => "VALID_CERTIFICATE", KEY => 123)
and you get an expired certificate without any warnings. If you do this
with DBI then nothing happens. You get a simple undef.
so this is a problem, but i don't use this call anyway
but the dbm interface should be changed then - i think
and i havn't checked what:
my $tmpCert = libGetSignerCertificateDB( SIGNATURE=>$signer );
calls internal... ;o)
greetings
dalini
--
Ives Steglich Email: [EMAIL PROTECTED]
System Administration Tel.: +49 (0)3677 - 69 4382/4383
Fax: +49 (0)3677 - 69 4399
Fraunhofer Institute for Digital Media Technology
Langewiesener Strasse 22
98693 Ilmenau Email (private): [EMAIL PROTECTED]
Germany http://www.openca.org
-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
