Is the signature validated with the signature key?
diggyk opened this issue
I was looking at the code but was not able to confirm. However, it seems the signature is never validated, is it? So could someone then potentially use a certificate that lists a bogus signature or signature_key?
Hey @diggyk,
I was just checking the code as well, since I haven't touched it for a long time and wasn't sure about the signature validation either.
Apparently, the signature doesn't seem to be validated, as you've already mentioned, which is a big gap on my side for not having implemented this initially.
Unfortunately, I don't have enough spare time to work on this one at the moment and have it fixed.
Would you be interested in submitting a PR for this one?
Thanks!