help-gnutls

Re: cert considered invalid when intermediate is expired


From: Michal Suchanek
Subject: Re: cert considered invalid when intermediate is expired
Date: Sun, 28 Oct 2012 12:16:15 +0100

On 28 October 2012 02:31, Nikos Mavrogiannopoulos <address@hidden> wrote:
> On 10/26/2012 03:15 PM, Michal Suchanek wrote:
>
>> Hello,
>>
>> gnutls does not verify a certificate when the intermediate CA
>> certificate is expired.
>
>
> If the intermediate certificate is expired why would you consider it
> valid? You may ignore expiration failures if your application doesn't
> care, but gnutls cannot ignore them.
>

Does that imply that a CA that signs a cert that is supposed to be
valid for 2yrs using an intermediate cert that is valid for 20 months
essentially makes a cert for 20 months only because for the remaining
4 months the cert will be invalid?

The application will, of course, use whatever gnutls supplies for cert
validation so when the cert does not validate in gnutls it will not
validate in any app using the library unless the authors went out of
their way to examine the certificate chain manually.

Thanks

Michal
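
The validity question raised in this message, worked through as an added example (not part of the original post and not gnutls code). It assumes a verifier that requires every certificate in the chain to be within its validity period at verification time; the certificate names and dates are constructed to match the 24-month leaf and 20-month intermediate in the question.

```python
from datetime import datetime, timezone
from typing import List, NamedTuple, Optional, Tuple


class Cert(NamedTuple):
    name: str
    not_before: datetime
    not_after: datetime


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


def time_failures(chain: List[Cert], at: datetime) -> List[Tuple[str, str]]:
    """Return (name, reason) for every certificate in the chain not valid at `at`."""
    failures = []
    for cert in chain:
        if at < cert.not_before:
            failures.append((cert.name, "not yet valid"))
        elif at > cert.not_after:
            failures.append((cert.name, "expired"))
    return failures


def effective_window(chain: List[Cert]) -> Optional[Tuple[datetime, datetime]]:
    """Intersection of all validity periods; None if they never overlap."""
    start = max(c.not_before for c in chain)
    end = min(c.not_after for c in chain)
    return (start, end) if start <= end else None


# Constructed sample chain: leaf issued for 24 months, intermediate for 20.
CHAIN = [
    Cert("leaf", utc(2012, 1, 1), utc(2014, 1, 1)),
    Cert("intermediate", utc(2012, 1, 1), utc(2013, 9, 1)),
    Cert("root", utc(2005, 1, 1), utc(2030, 1, 1)),
]

if __name__ == "__main__":
    start, end = effective_window(CHAIN)
    print("chain verifies from", start.date(), "to", end.date())
    # Inside the leaf's own validity period, but after the intermediate's.
    for name, reason in time_failures(CHAIN, utc(2013, 10, 1)):
        print("2013-10-01:", name, reason)
```

Under that assumption the chain stops verifying on the intermediate's notAfter date, four months before the leaf's own notAfter.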


