For cases where a CA sends back a PKCS#7 blob with multiple certificates in it, we should pass in the client public key so that the helper can dig out the certificate that contains that key, and have a sanity check even when the CA just sends back a certificate.
New milestone was created for milestone-less tickets.
We pass the information out in 0.73 and later. We added the consistency check as a debug statement for 0.78: the debugging output will include a null item named "key_checked", "key_reused", or "key_mismatch", depending on whether the key in an issued certificate matches the expected key, the existing key when we wanted to switch to a new one, or neither.
Metadata Update from @nalin:
- Issue set to the milestone: 0.78