jsign icon indicating copy to clipboard operation
jsign copied to clipboard
verified publisher icon ebourg

Add ignorekeycert option

Open laurentgo opened this issue 3 years ago • 3 comments

Add an option to ignore certificate chain provided by the store and use the one provided by the user without any check.

laurentgo avatar Jun 02 '22 00:06 laurentgo

Coverage Status

Coverage decreased (-0.3%) to 83.066% when pulling 2478f84eabad8792f42f6ba0c70cfbe4a0fd0f2a on laurentgo:laurentgo/ignore-keycert into 502d71b358d32053bc41c9fd3411f050cdd61630 on ebourg:master.

coveralls avatar Jun 02 '22 00:06 coveralls

I'm not sure to understand the use case, in what situation one would want to replace the certificate from the keystore? Why not updating the certificate on the keystore instead? I don't mind replacing the certificate but I would prefer something easier to use, for example if the certfile specified contains the signing certificate, use it automatically instead of the one from the keystore.

ebourg avatar Jun 28 '24 15:06 ebourg

Sorry, it has been a while since I opened the issue but at the time I opened the issue and proposed the change, it was to support some remote keystore system which would store securely a private/public key but could not associate a certificate chain with it. The PKCS11 layer would just generate a fake certificate because it is kind of mandated by the API, but I would need to pass the actual certificate generated with the key and signed by the actual CA to esign

laurentgo avatar Jun 28 '24 18:06 laurentgo