fix: add warning message for non-revokable certificate (notaryproject…

…#479) Fix: - added warning message for non-revokable certificate --------- Signed-off-by: Junjie Gao <[email protected]> Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts · Dec 9, 2024 · 0a9ff2a · 0a9ff2a
1 parent ffc04d8
commit 0a9ff2a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/verifier/verifier.go b/verifier/verifier.go
@@ -704,6 +704,10 @@ func revocationFinalResult(certResults []*revocationresult.CertRevocationResult,
 				revokedCertSubject = problematicCertSubject
 			}
 		}
+
+		if i < len(certResults)-1 && certResult.Result == revocationresult.ResultNonRevokable {
+			logger.Warnf("Certificate #%d in the chain with subject %v neither has an OCSP nor a CRL revocation method.", (i + 1), cert.Subject.String())
+		}
 	}
 	if revokedFound {
 		problematicCertSubject = revokedCertSubject