Details
-
Bug
-
Resolution: Fixed
-
Major
-
1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7
-
None
-
None
Description
When certificates are loaded from RepositorySettings, and when a message's signature is validated against known certificates, no certificate's validity is checked (i.e. it is not checked if the certificate has expired).
This should not pose a serious security problem, as the allowed certificates is a controlled list, but it is still something that should be mended.