Skip to content

make-ca-1.15

Choose a tag to compare

View all tags
@xry111 xry111 released this 09 Feb 15:12
· 8 commits to master since this release
v1.15
This tag was signed with the committer’s verified signature.
xry111 Xi Ruoyao
GPG key ID: ACAAD20E19E710E3
Verified
Learn about vigilant mode.
480a599
This commit was signed with the committer’s verified signature.
xry111 Xi Ruoyao
GPG key ID: ACAAD20E19E710E3
Verified
Learn about vigilant mode.
  • Revert "work around bug in p11-kit trust extract that allows certificates with nss-{email,server}-distrust after attribute to enter downstream": that isn't a bug in fact. The date in the attribute should be compared with the issue date of the downstream certificate provided by the web server or the email sender (that make-ca cannot know), not the system date. SSL implementations like GnuTLS or OpenSSL should handle them, but they seem not doing it properly. However that's not a valid reason to misinterpret the attribute.
Assets 2
Loading