ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0

Add ignorekeycert option #128

Open laurentgo opened 2 years ago

laurentgo commented 2 years ago

Add an option to ignore the certificate chain provided by the store and use the one provided by the user without any check.

coveralls commented 2 years ago


Coverage decreased (-0.3%) to 83.066% when pulling 2478f84eabad8792f42f6ba0c70cfbe4a0fd0f2a on laurentgo:laurentgo/ignore-keycert into 502d71b358d32053bc41c9fd3411f050cdd61630 on ebourg:master.

ebourg commented 3 days ago

I'm not sure I understand the use case: in what situation would one want to replace the certificate from the keystore? Why not update the certificate in the keystore instead? I don't mind replacing the certificate, but I would prefer something easier to use; for example, if the certfile specified contains the signing certificate, use it automatically instead of the one from the keystore.

laurentgo commented 2 days ago

Sorry, it has been a while since I opened the issue, but at the time I opened the issue and proposed the change, it was to support some remote keystore system which would securely store a private/public key but could not associate a certificate chain with it. The PKCS11 layer would just generate a fake certificate because it is kind of mandated by the API, but I would need to pass the actual certificate generated with the key and signed by the actual CA to esign
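Editor's added example, not code from this pull request or from jsign: one way to substitute a user-supplied chain for a placeholder keystore certificate only when the chain actually contains a certificate for the same key, which is the check the "without any check" option skips. The class name `ChainSelector`, the method `selectChain` and the command-line arguments are hypothetical, and a PKCS12 keystore is assumed for the demonstration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ChainSelector {   // hypothetical name, not a jsign class
    /**
     * Returns the supplied chain with the signing certificate moved to the front,
     * provided one supplied certificate carries the same public key as the keystore entry.
     * The remaining certificates keep their original relative order.
     */
    static List<Certificate> selectChain(Certificate keystoreCert, List<Certificate> supplied) {
        PublicKey expected = keystoreCert.getPublicKey();
        for (int i = 0; i < supplied.size(); i++) {
            // Compare the encoded SubjectPublicKeyInfo instead of relying on provider-specific equals()
            if (Arrays.equals(expected.getEncoded(), supplied.get(i).getPublicKey().getEncoded())) {
                List<Certificate> chain = new ArrayList<>(supplied);
                chain.add(0, chain.remove(i));
                return chain;
            }
        }
        throw new IllegalArgumentException("No supplied certificate matches the public key of the keystore entry");
    }

    // Usage (assumed arguments): java ChainSelector <keystore.p12> <storepass> <alias> <chain.pem>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        Certificate placeholder = ks.getCertificate(args[2]);
        if (placeholder == null) {
            throw new IllegalArgumentException("No certificate found for alias " + args[2]);
        }
        List<Certificate> supplied;
        try (InputStream in = new FileInputStream(args[3])) {
            supplied = new ArrayList<>(CertificateFactory.getInstance("X.509").generateCertificates(in));
        }
        System.out.println("Chain to embed: " + selectChain(placeholder, supplied).size() + " certificate(s)");
    }
}
```

A public-key match only shows that the supplied certificate belongs to the signing key; it does not validate the chain up to a trusted CA.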