You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CertChecker.CheckCert has a slightly confusing API, as it appears on the surface as the primary method on the type, but it doesn't actually authenticate the certificate at all, rather it validates the contents and should generally be called afterCertChecker.Authenticate. In particular the doc comment refers to checking "the signature of the certificate" is perhaps somewhat misleading, since this simply checks that the self-signature on the certificate is valid (both signature and key are attacker controlled, so don't actually impart any trust).
At the minimum we should update the doc comment to be clearer about what it actually does, and that it succeeding does not infer any trust.
CertChecker.CheckCert
has a slightly confusing API, as it appears on the surface as the primary method on the type, but it doesn't actually authenticate the certificate at all, rather it validates the contents and should generally be called afterCertChecker.Authenticate
. In particular the doc comment refers to checking "the signature of the certificate" is perhaps somewhat misleading, since this simply checks that the self-signature on the certificate is valid (both signature and key are attacker controlled, so don't actually impart any trust).At the minimum we should update the doc comment to be clearer about what it actually does, and that it succeeding does not infer any trust.
cc @FiloSottile
The text was updated successfully, but these errors were encountered: