Skip to content
Snippets Groups Projects
Commit 26ad3277 authored by Adrien Béraud's avatar Adrien Béraud Committed by Guillaume Roguez
Browse files

device revocation: refuse loading revoked device

The missing piece for working device revocation.
* cert store: always use certificate chain match to check
  parent certificate.
  We used to allow a certificate if the parent certificate
  was explicitly allowed. This doesn't check for revoked
  device certificate. Instead, always check certificates
  using the standard certificate chain method except if
  the certificate itself is whitelisted.
* ringaccount: check the account own device certificate chain
  This cause a revoked account to fail loading and propose
  the user to generate a new device from the archive
  through the standard account migration procedure.
* ringaccount: check device loaded from disc using
  the common routine to discard devices revoked since the last
  save.

Tuleap: #1457
Change-Id: I03f015e78d1d14f5f2e9f99a6d3dd47a6f2c5bfe
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment