Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow_fetching=True together with moment #27

Open
MrCrumbs opened this issue May 11, 2020 · 0 comments
Open

allow_fetching=True together with moment #27

MrCrumbs opened this issue May 11, 2020 · 0 comments

Comments

@MrCrumbs
Copy link

I was wondering, in the comment you write:

If certificate validation should be performed based on a date and time other than right now. A datetime.datetime object with a tzinfo value. If this parameter is specified, then the only way to check OCSP and CRL responses is to pass them via the crls and ocsps parameters. Can not be combined with allow_fetching=True.

Why is this? What is wrong with fetching CRLs etc. with some defined moment? This restriction doesn't allow the CRL verification of any digital signature that has a timestamp certificate in it, since when there's a timestamp certificate, the moment is defined by that certificate, and not by current time.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MrCrumbs