Documentation task
Resolution: Unresolved
Major
6.0.32
S24-W44/45, S24-W46/47, DOC S25-W2/3
2
Steps to reproduce:
- Make a self-signed certificate with different Issuer CN and Subject CN
- Try to verify validity
Result:
"result":{"value":"invalid","message":"failed to verify certificate: x509: certificate signed by unknown authority"}
Expected:
I expected result to be "valid-but-self-signed"
The problem is that the if statement used to detect validity is expecting `subject == issuer`.
However, this is often not the case. The certificate can still be self-signed without such a requirement. Often the subject and issuer won't match on self-signed certificates.
I believe this requirement should be removed from the checks. Not matching subject and issuer does not make a certificate invalid and has little to do with the certificate being self-signed or not.
A self-signed certificate without `subject == issuer` is still a valid certificate.
Also, is it the plugin's task to verify such things? Isn't a "do two strings match or not" type of check what the template triggers should do? Because then one can set up a macro to say "it is ok if subject != issuer". Now we have no control over what the plugin thinks is valid/invalid etc.
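The distinction drawn in the report above, as an added Go example (not the plugin's code): it builds a constructed certificate whose issuer CN differs from its subject CN but which is signed with its own key, then compares a name-only check with verifying the signature against the certificate's own public key. The function names and CN values are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert builds a constructed sample certificate signed with its own key.
// The issuer name comes from parent.Subject, so it can differ from the subject.
func makeCert(subjectCN, issuerCN string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: subjectCN},
		NotBefore: time.Now().Add(-time.Hour),
		NotAfter:  time.Now().Add(24 * time.Hour),
	}
	parent := &x509.Certificate{Subject: pkix.Name{CommonName: issuerCN}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// nameMatch is the name-only comparison the report describes: subject == issuer.
func nameMatch(c *x509.Certificate) bool {
	return bytes.Equal(c.RawSubject, c.RawIssuer)
}

// selfSigned checks the signature against the public key the certificate carries.
func selfSigned(c *x509.Certificate) bool {
	return c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

func main() {
	c, err := makeCert("host.example", "Example Issuer") // constructed names
	if err != nil {
		panic(err)
	}
	fmt.Printf("nameMatch=%v selfSigned=%v\n", nameMatch(c), selfSigned(c))
}
```
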