Currently, the certificate used when calling `StoreSignature()` doesn't seem to be verified. Thus, it doesn't have to be part of a certificate chain from the MSP's root CA.
While the validation takes place in the signature validation, maybe moving or checking at both places would make sense? Of course, the actual signature cannot be forged anyway. However, it may make sense to catch faulty certificates as early as possible. Probably this is also the root cause for issue #40.