certigo icon indicating copy to clipboard operation
certigo copied to clipboard

Published 20 hours ago verified publisher icon square

Better trust chain output

Open mcpherrinm opened this issue 7 years ago • 1 comments

Today, we dump all built trust chains.

That could be improved in a few ways:

  • [ ] Don't print all of them out unless in --verbose
  • [ ] Warn about un-needed intermediates (but be careful; they may be needed with other trust stores)
  • [ ] Warn about un-needed roots served in trust chains
  • [ ] some support for pinning leafs / intermediates

mcpherrinm avatar Mar 15 '17 19:03 mcpherrinm

I would even fail the validation if an intermediate is missing from the presented chain. Today it validates if the intermediate is present in the CA bundle (which is wrong).

matthyx avatar Jul 19 '22 09:07 matthyx