Re: [PATCH] X.509: Remove certificate date checks

From: David Woodhouse
Date: Thu Mar 14 2013 - 13:09:47 EST

Next message: Fabio Porcedda: "[PATCH v2 2/8] drivers: ata: use module_platform_driver_probe()"
Previous message: Rafael J. Wysocki: "Re: [Update 4][PATCH 2/7] ACPI / scan: Introduce common code for ACPI-based device hotplug"
In reply to: Alexander Holler: "Re: [PATCH] X.509: Remove certificate date checks"
Next in thread: Alexander Holler: "Re: [PATCH] X.509: Remove certificate date checks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2013-03-14 at 17:22 +0100, Alexander Holler wrote:
>
> Agreed (thats what my patch did).
>
> I've introduced a new config option because I don't know if something (a
> use case I don't know) relies on the validity check of the dates in the
> parser. If there currently isn't such a user, just removing the validity
> check in the parser might be enough.

Is there *is* such a user, it's broken already. The key could have been
loaded (and passed the existing check) *months* ago, expired seconds
after it was loaded, and your hypothetical user could still be happily
trusting it.

> Offering the parsed dates for later usage is still a good idea.

Right.

--
dwmw2

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Fabio Porcedda: "[PATCH v2 2/8] drivers: ata: use module_platform_driver_probe()"
Previous message: Rafael J. Wysocki: "Re: [Update 4][PATCH 2/7] ACPI / scan: Introduce common code for ACPI-based device hotplug"
In reply to: Alexander Holler: "Re: [PATCH] X.509: Remove certificate date checks"
Next in thread: Alexander Holler: "Re: [PATCH] X.509: Remove certificate date checks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]