Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use Issuer Profile's RevocationList if missing from certificate #308

Open
AnthonyRonning opened this issue Oct 15, 2019 · 0 comments

Comments

@AnthonyRonning
Copy link
Contributor

@AnthonyRonning AnthonyRonning commented Oct 15, 2019

Describe the bug

When revocationList is not present inside of the certificate, the verifier should check if it is included in the Issuer Profile and use that. Currently that is not happening, per

async () => domain.verifier.getRevokedAssertions(this.issuer.revocationList)

(note: this.issuer refers to certificate.issuer in this context`)

This is where the schema specifies that issuer's revocationList should be checked as a fallback: https://github.com/blockchain-certificates/cert-schema/blob/master/docs/issuer_schema-2.1.md#revocationlist

To Reproduce
Steps to reproduce the behavior:

  1. Go to blockcerts.org
  2. In put this certificate, which does not have a revocationList property directly inside it: https://github.com/AnthonyRonning/https-github.com-labnol-files/blob/master/test/test-revocation.json
  3. See that it passes verification (as a testnet cert)

Expected behavior

It should check the issuer profile (https://github.com/AnthonyRonning/https-github.com-labnol-files/blob/master/issuer-eth.json) to grab the revocationList property (https://github.com/AnthonyRonning/https-github.com-labnol-files/blob/master/revocation-eth.json) and fail verification due to revocation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.