python-keystoneclient

  1. Bug #1490804
  2. Comment #45

Comment 45 for bug 1490804

Revision history for this message
Guang Yee (guang-yee) wrote : Re: PKI Token Revocation Bypass

Adam, regarding your patch in #28 (0001-hash-the-data-in-the-token.patch ), can't you use cms_verify to get the output instead of doing asn.1 parsing?

In any case, doing short-lived PKI tokens instead of relying on revocation is probably easier if deployer can tolerate the risk.