Here the XrdCryptogsiX509Chain::Verify is used to verify a chain of CA certificates, something I don't think it was originally intended to do.
In this case there should not be an EEC certificate in the chain, so the result for a verified CA certificate chain is that XrdCryptogsiX509Chain::Verify returns false (i.e. the verification fails as an EEC certificate chain) and the error returned is kNoEEC.
I.e. there is a failure reported if the chain verifies as an EEC chain (and hence is not a CA chain) or if the error returned is something else than kNoEEC.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@ellert in #466: Here the XrdCryptogsiX509Chain::Verify is used to verify a chain of CA certificates, something I don't think it was originally intended to do.\r\n\r\nIn this case there should not be an EEC certificate in the chain, so the result for a verified CA certificate chain is that XrdCryptogsiX509Chain::Verify returns false (i.e. the verification fails as an EEC certificate chain) and the error returned is kNoEEC.\r\n\r\nI.e. there is a failure reported if the chain verifies as an EEC chain (and hence is not a CA chain) or if the error returned is something else than kNoEEC.\r\n"}],"action":{"name":"View Pull Request","url":"https://github.com/xrootd/xrootd/pull/466#issuecomment-281103485"}}}
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1