• Adrien Béraud's avatar
    device revocation: refuse loading revoked device · 26ad3277
    Adrien Béraud authored
    The missing piece for working device revocation.
    * cert store: always use certificate chain match to check
      parent certificate.
      We used to allow a certificate if the parent certificate
      was explicitly allowed. This doesn't check for revoked
      device certificate. Instead, always check certificates
      using the standard certificate chain method except if
      the certificate itself is whitelisted.
    * ringaccount: check the account own device certificate chain
      This cause a revoked account to fail loading and propose
      the user to generate a new device from the archive
      through the standard account migration procedure.
    * ringaccount: check device loaded from disc using
      the common routine to discard devices revoked since the last
      save.
    
    Tuleap: #1457
    Change-Id: I03f015e78d1d14f5f2e9f99a6d3dd47a6f2c5bfe
    26ad3277
Name
Last commit
Last update
MSVC Loading commit data...
bin Loading commit data...
contrib Loading commit data...
doc Loading commit data...
docker Loading commit data...
extras/tools Loading commit data...
m4 Loading commit data...
man Loading commit data...
ringtones Loading commit data...
src Loading commit data...
tools Loading commit data...
.gitignore Loading commit data...
.gitreview Loading commit data...
AUTHORS Loading commit data...
CODING Loading commit data...
COPYING Loading commit data...
ChangeLog Loading commit data...
Makefile.am Loading commit data...
NEWS Loading commit data...
README Loading commit data...
astylerc Loading commit data...
autogen.sh Loading commit data...
configure.ac Loading commit data...
globals.mk Loading commit data...