Skip to content

Commit

Permalink
Improved certificate chain detection (issue #421) - 2
Browse files Browse the repository at this point in the history
Exceptions during verification because of missing provider, unknown
algorithm and certificate processing issues are now ignored and a
fallback mechanism to the old DN check is applied. This makes sure that
such issues - which are not relevant for chain detection - are not
breaking things that worked before.
  • Loading branch information
kaikramer committed Sep 1, 2023
1 parent 89da822 commit 9c2c7ec
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion kse/src/org/kse/crypto/x509/X509CertUtil.java
Original file line number Diff line number Diff line change
Expand Up @@ -360,7 +360,8 @@ public static boolean isIssuedBy(X509Certificate cert, X509Certificate issuerCer
return true;
}
} catch (CryptoException e) {
// wrong certificate, continue
// ignore technical verification issues as they are not relevant for finding chains
return true;
}
}
return false;
Expand Down

0 comments on commit 9c2c7ec

Please sign in to comment.