URL: https://github.com/SSSD/sssd/pull/5558 Title: #5558: p11_child: Add partial verification support
3v1n0 commented: """ > and here `X509_V_FLAG_CRL_CHECK_ALL` enforces a CRL check of the whole chain, > i.e. you need the CRL of each CA in the chain. I wonder if `partial_chain` > should have an effect on the CRL check as well or if it would be better to > have a separate option to toggle the `X509_V_FLAG_CRL_CHECK_ALL` flag? I'd say it's better to use another flag, while the outcome could be the same, I think that having more granularity on these flags isn't expensive but will avoid troubles in case you want to have mixed configs. """ See the full comment at https://github.com/SSSD/sssd/pull/5558#issuecomment-809521156
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure