@xomx said in Notepad++ v8.8.3 Release Candidate:
Maybe I’m a little bit lost in all that RC versions, but now I dl again the RC4 ones x64 installer and it’s signed like the above statements, which is just wrong, isn’t it? (should be with https instead):
The use of “http” instead of “https” wasn’t a mistake - that’s simply how it was done. You can check other digitally signed programs to confirm this.
In RC5280 “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile”, Security Considerations section:
CAs SHOULD NOT include URIs that specify https, ldaps, or similar schemes in extensions. CAs that include an https URI in one of these extensions MUST ensure that the server's certificate can be validated without using the information that is pointed to by the URI. Relying parties that choose to validate the server's certificate when obtaining information pointed to by an https URI in the cRLDistributionPoints, authorityInfoAccess, or subjectInfoAccess extensions MUST be prepared for the possibility that this will result in unbounded recursion.