[PATCH06/17] PKCS#7: Verify internal certificate chain

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jul 10 10:06:53 PDT 2014


On Wed, 09 Jul 2014 16:16:04 +0100, David Howells said:
> Verify certificate chain in the X.509 certificates contained within the PKCS#7
> message as far as possible.  If any signature that we should be able to verify
> fails, we reject the whole lot.

What happens if we see a signature that we shouldn't be able to verify?  Or should
that changelog entry be reduced to "If any signature fails", period?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/kexec/attachments/20140710/132c320e/attachment.sig>


More information about the kexec mailing list