search

codegooglecom / pathfinder-pki

Automatically exported from code.google.com/p/pathfinder-pki
0 stars 0 forks source link

Problematic CRL practices: improperly signed CRL #31

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Validate blogger.com certificate

What is the expected output? What do you see instead?

Certificate is NOT ok. Error: No valid crl for certificate /C=US/O=Google
Inc/CN=Google Internet Authority.

Problematic certificate is
http://www.gstatic.com/GoogleInternetAuthority/GoogleInternetAuthority.crt

CRL is in place, but it is signed with different authority.

http://crl.geotrust.com/crls/secureca.crl

What version of the product are you using? On what operating system?
r224, RHEL5

Please provide any additional information below.

This probably should be configurable as well.

Original issue reported on code.google.com by arke...@gmail.com on 30 Apr 2010 at 1:26

GoogleCodeExporter commented 8 years ago 
It's not that the CRL is improperly signed, it's that the CRL doesn't have an 
AKI (which is okay) but the issuer-name comparison was flawed (which is not 
okay).  This is fixed by r238.

Original comment by dcoo...@gmail.com on 2 Nov 2011 at 2:40