Closed mjechow closed 1 year ago
this feature is implemented in the same way as the option for the keyUsage check. I am not sure, if the verification option is really needed as well, specifically, as the thrown exception is misleading (SigningCertValidityException is expected but CannotBuildCertificationPathException is thrown) . I made this pull request, because I need the possibility to sign with expired and notYetValid certificates.
probably we should squash this PR. Is this possible during the a merge in gitHub? A new commit message could be:
Add a signature option to skip certificate validity checks during signature production.
This is useful for testing, specifically to create signatures using incorrect certificates to check if test targets reject such signatures.
Yes, it is possible to squash. I'll do that.
There is a failing test but that's unrelated (some CRL needs to be updated), so I'll merge this.
Thanks again for the contribution!
Thank you for your fast response and support!
Any indication when these changes will be released?
Just released version 2.2.0 with this feature.
This is useful for testing, specifically to create signatures using incorrect certificates to check if test targets reject such signatures.