Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CoseSignTool.exe validate incorrectly passes validation #66

Closed
elantiguamsft opened this issue Jan 10, 2024 · 1 comment
Closed

CoseSignTool.exe validate incorrectly passes validation #66

elantiguamsft opened this issue Jan 10, 2024 · 1 comment

Comments

@elantiguamsft
Copy link
Contributor

CoseSignTool.exe validate appears to falsely report successful validation when the certificate chain does not lead to a known root.

This appears to be isolated to just the CoseSignTool.exe validate command line tool and not the CoseHandler API.

Repro steps:

1.) Produce a detached COSE signature (See: Sign command)
1.) Make sure that the root CA of the signing certificate is not installed in trusted root store
2.) Attempt to call CoseSignTool.exe validate on the payload and previously produced .cose file with no /Roots specified
3.) Observe "Validation succeeded message"
@elantiguamsft elantiguamsft changed the title CoseSignTool.exe Validates incorrectly passes validation CoseSignTool.exe validate incorrectly passes validation Jan 10, 2024
@elantiguamsft elantiguamsft mentioned this issue Jan 11, 2024
Merged
@elantiguamsft
Copy link
Contributor Author

Closing issue, solved by #67

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@elantiguamsft