summaryrefslogtreecommitdiff
path: root/tools/certtools.py
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordberg.se>2015-02-20 12:20:09 +0100
committerLinus Nordberg <linus@nordberg.se>2015-02-20 12:20:09 +0100
commit4d2993890fed46c5611735e84d4f737e8c342718 (patch)
tree6da78e0a5362b8b7e6b0e6331f58e9b45c44dfbf /tools/certtools.py
parent7cbbfa7c7e0fba134838c5c9c58d2d3174232882 (diff)
Stop validating that cert.issuer matches issuer.subject.
Even canoncalized versions of this data mismatch in otherwise proper chains. Since we're not here to validate chains for any other reasons than attribution and spam control, let's stop validate cert.issuer==candidate.subject. We still verify the cryptographic chain with signatures of tbsCertificates of course. Resolves CATLFISH-19.
Diffstat (limited to 'tools/certtools.py')
0 files changed, 0 insertions, 0 deletions