[kmf-discuss] Qs on KMF policy
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Tue Dec 18 05:27:04 PST 2007
Jan Pechanec wrote:
> On Mon, 17 Dec 2007, Wyllys Ingersoll wrote:
>
>
>> Currently, the code does not check for expiration, it will keep downloading. It
>> seems reasonable to add a check for expiration to avoid re-downloading
>> unnecessarily. Care to file an RFE for this?
>>
>
> 6643119 kmf_validate_cert() should download CRL only when the previous one has
> expired
>
>
Got it, thanks.
>> I was out on vacation Friday, but have been following along and I plan to
>> update the
>> documentation around the validate/verify operations to try and clear up some
>> questions for future readers.
>>
>
> it would be also nice if the API document could be divided into a
> few sections - cert/data signing/verifying, CRLs, CSRs, attributes handling,
> ...
>
> I know that it could be done precisly since many functions could
> fall into more categories but still, it might be helpful.
>
> J.
>
Thanks, I will consider it.
-Wyllys
More information about the kmf-discuss
mailing list