-
The missing piece for working device revocation. * cert store: always use certificate chain match to check parent certificate. We used to allow a certificate if the parent certificate was explicitly allowed. This doesn't check for revoked device certificate. Instead, always check certificates using the standard certificate chain method except if the certificate itself is whitelisted. * ringaccount: check the account own device certificate chain This cause a revoked account to fail loading and propose the user to generate a new device from the archive through the standard account migration procedure. * ringaccount: check device loaded from disc using the common routine to discard devices revoked since the last save. Tuleap: #1457 Change-Id: I03f015e78d1d14f5f2e9f99a6d3dd47a6f2c5bfe
26ad3277
