Re: trusted intermediate CAs
From: Nikos Mavrogiannopoulos
Subject: Re: trusted intermediate CAs
Date: Thu, 13 Nov 2008 17:31:41 +0200
On Thu, Nov 13, 2008 at 1:27 AM, Daniel Kahn Gillmor
<address@hidden> wrote:
>> the library doesn't export any high level verification function to
>> verify certificate chains.
>
> What about gnutls_x509_crt_list_verify() and
> gnutls_certificate_verify_peers2() ? The latter is used in src/srv.c
> and srv/cli.c, and i think it calls the former under the hood (using
> data from the TLS session to fill in the specific parameters).
>
> Those seem like high-level functions to verify certificate chains to
> me. Did you mean something else?
No. But they are not high level functions. There are no hooks to print
any useful information like certtool is printing for each verification.
> I think it would be really useful to have certtool reflect the
> internal workings of GnuTLS as closely as possible, not least for the
> sake of providing tools to help admins who are trying to debug/test
> GnuTLS-based applications.
I agree. We can add it as a todo item.
regards,
Nikos