Add ConfV6 class with validateSigningCert method #692
Conversation
validateSigningCert method allows to bypass certificate trust check during signature verification. Fixes open-eid#678 Signed-off-by: Florian Dargère <[email protected]>
|
Can you explain the reason? |
|
It allows to avoid checking the trust status of the signing certificate during signature verification, thus allowing the user to verify the trust status by himself, possibly using another store than TSL. The aim is to be able to verify signatures which have been signed with a certificate trusted from another source than TSL. It is an answer to #678 and #556 as well. I think it has to be a configuration parameter, in order to be customizable. Thus, I guess it needs a new configuration class, for binary compatibility. |
|
Maybe we should figure out how to make X509CertStore usable as public API? |
|
Do you mean by making the X509CertStore::verify function virtual so that custom implementations could override the method with their own verification process ? |
validateSigningCert method allows to bypass certificate trust check during signature verification.
Fixes #678
Signed-off-by: Florian Dargère [email protected]