Open abhishek-ram opened 7 years ago
I'd have to look at your specific certs and OS trust store to figure out what is happening with the first situation. I am wondering if the intermediate is somehow available from your OS trust store? The fact that it works by providing a root cert as an intermediate without the real intermediate seems odd.
If you trust the end-entity certificate as a root, then validation will implicitly pass. It constructs a path to a trusted root, which ends up being the end-entity certificate. It then validates that path and sees that the end-entity certificate is a root, and succeeds.
Yes I see your point and it looks like it was an issue with my OS Trust Store.
I see another issue now here. I have a self-signed certificate and in order to validate it I have added it to the trust store. It gets validated, but the issue is that if I use an expired certificate it also gets validated. What could be the reason for this?
I am trying to set up certificate verification and I am seeing strange behaviour here. Please look at the following scenarios:
Also there is another strange behaviour that I have noted: suppose in this same scenario I use a `ValidationContext` and just add the `end_entity_cert` to `trusted_roots` (no root and intermediate certs added); it seems to pass the validation. I am not sure if this is intended.
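The two behaviours raised in this thread (an end-entity certificate placed in the trust store validating on its own, and an expired self-signed certificate in the trust store still validating) both follow from how path building treats trust anchors. The toy model below is an added illustration, not code from this project or from the maintainer: it has no signatures or key checks and stands in for X.509 certificates with a small dataclass, so it only shows the path-building and validity-period logic. It assumes the common RFC 5280 convention that the trust anchor is an input to validation rather than part of the validated path, so its validity period is not checked unless the caller asks for it (the `check_anchor_validity` flag is this example's own, not a library parameter); whether that is the cause in the reporter's case is an assumption, not something the thread confirms.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Cert:
    """Toy stand-in for an X.509 certificate: only the fields path building needs."""
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


def build_path(end_entity, intermediates, trust_roots):
    """Walk issuer links from the end-entity until a trusted certificate is reached.

    Returns [end_entity, ..., anchor], or None if no trust anchor is reachable.
    The anchor test runs before anything else, so an end-entity that is itself in
    trust_roots yields a path of length 1 (the behaviour the maintainer describes).
    """
    by_subject = {c.subject: c for c in intermediates}
    roots_by_subject = {c.subject: c for c in trust_roots}
    path, current, seen = [end_entity], end_entity, {end_entity.subject}
    while True:
        if roots_by_subject.get(current.subject) == current:
            return path                      # reached a trust anchor
        if current.self_signed:
            return None                      # self-signed but not trusted: dead end
        nxt = by_subject.get(current.issuer) or roots_by_subject.get(current.issuer)
        if nxt is None or nxt.subject in seen:
            return None                      # missing issuer or a loop
        seen.add(nxt.subject)
        path.append(nxt)
        current = nxt


def validate(end_entity, intermediates, trust_roots, now, check_anchor_validity=False):
    """Return (ok, reason). Checks issuer linkage and validity windows along the path.

    By default the anchor's validity window is skipped, mirroring the RFC 5280
    convention that the anchor is an input, not part of the path (assumption).
    """
    path = build_path(end_entity, intermediates, trust_roots)
    if path is None:
        return False, "no path to a trust root"
    for child, parent in zip(path, path[1:]):
        if child.issuer != parent.subject:
            return False, f"{child.subject} is not issued by {parent.subject}"
    for i, cert in enumerate(path):
        is_anchor = i == len(path) - 1
        if is_anchor and not check_anchor_validity:
            continue
        if not (cert.not_before <= now <= cert.not_after):
            return False, f"{cert.subject} is outside its validity period"
    return True, "ok"


def scenarios():
    """Constructed sample certificates reproducing the thread's scenarios."""
    y = lambda year: datetime(year, 1, 1, tzinfo=timezone.utc)
    now = datetime(2017, 6, 1, tzinfo=timezone.utc)
    root = Cert("Root CA", "Root CA", y(2010), y(2030))
    inter = Cert("Inter CA", "Root CA", y(2012), y(2025))
    ee = Cert("example.test", "Inter CA", y(2016), y(2018))
    expired_self = Cert("old.test", "old.test", y(2010), y(2012))
    return {
        "proper_chain": validate(ee, [inter], [root], now)[0],
        "ee_only_in_roots_path_len": len(build_path(ee, [], [ee])),
        "ee_only_in_roots": validate(ee, [], [ee], now)[0],
        "ee_without_intermediate": validate(ee, [], [root], now)[0],
        "expired_self_signed_in_roots": validate(expired_self, [], [expired_self], now)[0],
        "expired_self_signed_anchor_checked": validate(
            expired_self, [], [expired_self], now, check_anchor_validity=True)[0],
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The last two scenarios are the practical takeaway: anything placed in the trust store is accepted as an anchor, so an expired self-signed certificate added there passes unless the validator (or the caller, before adding it) explicitly checks the anchor's own validity period.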