PEP #: 49
TITLE: Enhancement of wbemexec to verify the trust store certificate validation result.
Version: 1.1
Authors: Nag Boranna
State: Accepted
Type: Functionality enhancement
Created: March 12, 2003
Version History:
Version | Date | Authors | Reason |
1.0 | 03/12/03 | Nag Boranna | Initial proposal |
1.1 | 03/19/03 | Nag Boranna | Updated status |
Abstract: Wbemexec currently accepts any certificate from an SSL enabled CIM Server. Wbemexec can check the trust store validation result in its certificate verification callback function and decide to proceed or not to proceed communication with the CIM Server.
Problem:
Wbemexec currently does not check the trust store validation result in its certificate verification callback function. It simply accepts the server certificate even if it was not found/validated in the trust store. This makes wbemexec unsecure to use in secure environments.
Solution:
This PEP proposes modification to wbemexec code to check the trust store validation result in its verify callback function. Accept the server certificate only if the trust store validation was successful, reject it otherwise.
Schedule:
Action | Planned | Actual | Comment |
PEP Submitted | 03/12/03 | 03/12/03 | |
PEP Reviewed | 03/18/03 | 03/18/03 | |
PEP Approved | 03/25/03 | 03/18/03 | |
Code Committed | 03/28/03 | 03/19/03 |