When verifying metadata files, Pyff need the exact signing certificate. Add an option so Pyff can also verify the metdata signature based on a CA.
So: CA has signed metadata key and metadata is signed by metadata key, but Pyff only trusts CA and should build a trust chain for the metadata signature.
When verifying metadata files, Pyff need the exact signing certificate. Add an option so Pyff can also verify the metdata signature based on a CA.
So: CA has signed metadata key and metadata is signed by metadata key, but Pyff only trusts CA and should build a trust chain for the metadata signature.