Closed mjechow closed 1 year ago
mjechow
commented
1 year ago this feature is implemented in the same way as the option for the keyUsage check. I am not sure, if the verification option is really needed as well, specifically, as the thrown exception is misleading (SigningCertValidityException is expected but CannotBuildCertificationPathException is thrown) . I made this pull request, because I need the possibility to sign with expired and notYetValid certificates.
mjechow
commented
1 year ago probably we should squash this PR. Is this possible during the a merge in gitHub? A new commit message could be:
Add a signature option to skip certificate validity checks during signature production.
This is useful for testing, specifically to create signatures using incorrect certificates to check if test targets reject such signatures.
luisgoncalves
commented
1 year ago Yes, it is possible to squash. I'll do that.
There is a failing test but that's unrelated (some CRL needs to be updated), so I'll merge this.
Thanks again for the contribution!
mjechow
commented
1 year ago Thank you for your fast response and support!
DouweKoopmans
commented
1 year ago Any indication when these changes will be released?
luisgoncalves
commented
1 year ago Just released version 2.2.0 with this feature.
This is useful for testing, specifically to create signatures using incorrect certificates to check if test targets reject such signatures.