[Bug 94063] spice-gtk / remote-viewer SSL verification behavior

bugzilla-daemon at freedesktop.org
Tue Feb 9 15:12:54 CET 2016


https://bugs.freedesktop.org/show_bug.cgi?id=94063

Christophe Fergeau <teuf at gnome.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |teuf at gnome.org

--- Comment #1 from Christophe Fergeau <teuf at gnome.org> ---
I think we have 2 options here:
1) either just accept the intermediate CA as valid and do not fail if the only
issue is that its "end" CA cert is invalid
2) or when the "end" CA cert is invalid, look up in the system truststore and
see if this makes the whole chain valid. In order to match existing behaviour
when the passed-in CA goes down to the root chain, we have to validate the
certificate presented by the server using only the intermediate CA, and if all
goes well, finish the validation using the system truststore.

1) is probably easier, and more consistent with what is currently done. I
suspect 2) is slightly more correct, but could be wrong.

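The two options from the comment above, reproduced with the `openssl` command line as an added example (not spice-gtk code and not part of the original comment). Mapping option 1 to `-partial_chain` is this example's reading of the comment; the PKI, file names, and the file standing in for the system trust store are all constructed.

```shell
#!/bin/sh
# Added illustration, not spice-gtk code. All file names and CNs are constructed.
# make_pki DIR: root -> intermediate -> server chain, plus an unrelated root.
make_pki() {
    d=$1
    cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    for n in root other; do
        openssl req -x509 -config "$d/x.cnf" -extensions v3_ca -newkey rsa:2048 \
            -nodes -days 2 -subj "/CN=constructed $n CA" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    issue "$d" intermediate root v3_ca && issue "$d" server intermediate v3_leaf
}
# issue DIR NAME ISSUER EXT_SECTION: create a key for NAME, sign it with ISSUER.
issue() {
    openssl req -new -config "$1/x.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=constructed $2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -extfile "$1/x.cnf" -extensions "$4" -days 2 \
        -out "$1/$2.pem" 2>/dev/null
}
# Arguments below: $1 = CA file handed to the client, $2 = server certificate.
# Strict: the chain must end in a self-signed cert found in $1.
verify_strict()  { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
# Option 1: treat any cert in $1 as a trust anchor (-partial_chain).
verify_option1() { openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1; }
# Option 2: check the server against $1 alone, then require that $1 itself
# chains to $3, a file standing in for the system trust store.
verify_option2() {
    verify_option1 "$1" "$2" && openssl verify -CAfile "$3" "$1" >/dev/null 2>&1
}
verdict() { if "$@"; then echo accept; else echo reject; fi; }

d=$(mktemp -d) && make_pki "$d" || exit 1
i=$d/intermediate.pem s=$d/server.pem
echo "strict:                   $(verdict verify_strict "$i" "$s")"
echo "option 1:                 $(verdict verify_option1 "$i" "$s")"
echo "option 2, root in store:  $(verdict verify_option2 "$i" "$s" "$d/root.pem")"
echo "option 2, root missing:   $(verdict verify_option2 "$i" "$s" "$d/other.pem")"
rm -rf "$d"
```

The last case shows the practical difference: option 1 accepts an intermediate whose issuer nobody on the client trusts, while option 2 rejects it.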