Is it intended, that the expiration date gets checked in the credentials check?
When verifying a credential with a bad signature which has also expired, it fails because of the expiration and the information that the signature was forged does not get revealed to the user; even though it might be the more important bit of information.
Is it intended, that the expiration date gets checked in the credentials check? When verifying a credential with a bad signature which has also expired, it fails because of the expiration and the information that the signature was forged does not get revealed to the user; even though it might be the more important bit of information.