Print

Print

Here the XrdCryptogsiX509Chain::Verify is used to verify a chain of CA certificates, something I don't think it was originally intended to do.

In this case there should not be an EEC certificate in the chain, so the result for a verified CA certificate chain is that XrdCryptogsiX509Chain::Verify returns false (i.e. the verification fails as an EEC certificate chain) and the error returned is kNoEEC.

I.e. there is a failure reported if the chain verifies as an EEC chain (and hence is not a CA chain) or if the error returned is something else than kNoEEC.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@ellert in #466: Here the XrdCryptogsiX509Chain::Verify is used to verify a chain of CA certificates, something I don't think it was originally intended to do.\r\n\r\nIn this case there should not be an EEC certificate in the chain, so the result for a verified CA certificate chain is that XrdCryptogsiX509Chain::Verify returns false (i.e. the verification fails as an EEC certificate chain) and the error returned is kNoEEC.\r\n\r\nI.e. there is a failure reported if the chain verifies as an EEC chain (and hence is not a CA chain) or if the error returned is something else than kNoEEC.\r\n"}],"action":{"name":"View Pull Request","url":"https://github.com/xrootd/xrootd/pull/466#issuecomment-281103485"}}}

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1