Skip to main content

EDO-26 OCD verifier do not trust CA certificates registered in TSL (if CA certificate path is not in TSL)

Anonymous (not verified)
Published on: 04/12/2012 Discussion Archived

OCD verifier should trust CA certificate if it is registered in TSL.

We are trying to validate OCD signed with good real life certificate and it fails,
because after verifier successfully finds CA certificate in TSL, it continues to check it's parent certificates
(it should be enough to check CA certificate itself, as CA parent certificates are not registered in real life TSL)

1. OCD tested:
2. log with comments in red: bug5.docx