nss: handle 'type' in xmlSecNssX509StoreAdoptCert() #72

Closed
wants to merge 1 commit into
from

Projects

None yet

2 participants

@vmiklos
Contributor
vmiklos commented Dec 9, 2016

So that when it's trusted, we actually mark the certificate as trusted
using NSS API. This allows actually verifying the certificate chain in
xmlSecNssX509StoreVerify() without 'make check' failing.

I think this is a correct fix for the bug reported at https://www.aleksey.com/pipermail/xmlsec/2016/thread.html#10076.

@vmiklos vmiklos nss: handle 'type' in xmlSecNssX509StoreAdoptCert()
So that when it's trusted, we actually mark the certificate as trusted
using NSS API. This allows actually verifying the certificate chain in
xmlSecNssX509StoreVerify() without 'make check' failing.
f6fa148
@vmiklos
Contributor
vmiklos commented Dec 9, 2016

Let me add a testcase as well, ideally a simple negative testing with not providing --trusted should work, I think.

@lsh123
Owner
lsh123 commented Dec 15, 2016

I've made a couple tweaks: #73

@lsh123 lsh123 closed this Dec 15, 2016
@vmiklos vmiklos deleted the vmiklos:nss-adopt-cert-type branch Dec 16, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment