Comments (4)
To quote from RFC 5280 section §3.2:
Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations. Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths.
So in my opinion, the property could be renamed self_issued and made a bool. In absence of the Authority + Subject Key identifiers, the non-extension issuer+subject fields could be compared.
self_signed, with actual verification of the signature, is probably out of scope for asn1crypto. It's an ASN.1 library without any dependencies. So there is no access to crypto libs that would be required to verify the signature.
from asn1crypto.
The self_issued property is there already and seems fine to me. I agree to an extent that self_signed is out of scope, but I also think it's a nice property for the cert to be able to carry with it, which I imagine is why Will put it there. Setting it to maybe instead of yes will cause the code in CertValidator to do the crypto (which is exactly where we should be doing the verification) instead of assuming the signature is valid without checking. There is still no crypto being performed in asn1crypto in any case - it's up to the consumer of the cert to do what it will with the 'maybe'.
from asn1crypto.
For backwards compatibility, it probably makes sense that self_signed can only be no or maybe. Just never return the yes value any longer. That way we don't break the API, but also aren't misleading people.
from asn1crypto.
This should be resolved by 7647163
from asn1crypto.
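The distinction discussed in this thread, as an added example that is not code from the thread or from asn1crypto: a names-only check can answer only "no" or "maybe", and the consumer settles "maybe" by verifying the signature with the certificate's own key. The certificate is a simplified dict model rather than X.509 DER, all function names are hypothetical, and the RSA keys are constructed from Mersenne primes so the block runs without a crypto library.

```python
import hashlib

E = 65537
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def toy_key(a, b):
    """Constructed RSA key from two Mersenne primes: insecure, demo only."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private d)

def encode(tbs, n):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(tbs), returned as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(tbs).digest()
    k = (n.bit_length() + 7) // 8
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def make_cert(issuer, subject, subject_n, signer_key):
    """Simplified certificate model (a dict), not real X.509 DER."""
    signer_n, signer_d = signer_key
    tbs = f"{issuer}|{subject}|{subject_n}".encode()
    return {"issuer": issuer, "subject": subject, "n": subject_n,
            "tbs": tbs, "sig": pow(encode(tbs, signer_n), signer_d, signer_n)}

def self_signed_hint(cert):
    """Parser-level answer from names only: 'no' or 'maybe', never 'yes'."""
    return "maybe" if cert["issuer"] == cert["subject"] else "no"

def verify_self_signed(cert):
    """Consumer-level answer: on 'maybe', check the signature with the cert's own key."""
    if self_signed_hint(cert) == "no":
        return False
    return pow(cert["sig"], E, cert["n"]) == encode(cert["tbs"], cert["n"])

# Constructed sample certificates.
ROOT_KEY = toy_key(607, 1279)
OTHER_KEY = toy_key(127, 521)
genuine = make_cert("CN=Root", "CN=Root", ROOT_KEY[0], ROOT_KEY)
# Same issuer and subject, but signed by a different key (self-issued only).
self_issued_only = make_cert("CN=Root", "CN=Root", ROOT_KEY[0], OTHER_KEY)
leaf = make_cert("CN=Root", "CN=Leaf", OTHER_KEY[0], ROOT_KEY)

if __name__ == "__main__":
    for name, c in [("genuine", genuine), ("self_issued_only", self_issued_only), ("leaf", leaf)]:
        print(name, self_signed_hint(c), verify_self_signed(c))
```

Both `genuine` and `self_issued_only` get the same "maybe" hint; only the signature check tells them apart, which is why a "yes" derived from names alone would mislead.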