[Help-gnutls] Re: CA cert verification
From: Simon Josefsson
Subject: [Help-gnutls] Re: CA cert verification
Date: Wed, 24 Aug 2005 00:11:22 +0200
User-agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

Daniel Stenberg <address@hidden> writes:
>>> $ curl -v https://gmail.google.com/ --cacert /usr/share/curl/curl-ca-bundle.crt
>> What does gnutls-cli give with the same input?
>
> (Still using 1.2.0)
>
> $ gnutls-cli --x509certfile /usr/share/curl/curl-ca-bundle.crt gmail.google.com
> ...
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
> ...
>
> So it seems it agrees with what my code ends up thinking... ? Or am I not
> doing the right gnutls-cli command line?
>
> Any chance this is a problem that has been fixed since this version I use?

Using gnutls-cli from GnuTLS 1.2.6 appears to be able to connect and
verify the peer fine here (see below).

Cheers,
Simon

address@hidden:~$ gnutls-cli --x509cafile /usr/share/curl/curl-ca-bundle.crt gmail.google.com
Processed 59 CA certificate(s).
Resolving 'gmail.google.com'...
Connecting to '64.233.183.107:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
# The hostname in the certificate matches 'gmail.google.com'.
# valid since: Wed Jun 8 00:12:57 CEST 2005
# expires at: Thu Jun 8 00:12:57 CEST 2006
# fingerprint: 1E:56:99:FD:16:73:C1:95:8F:9F:AD:43:29:F1:93:5A
# Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc,CN=gmail.google.com
# Issuer's DN: C=ZA,O=Thawte Consulting (Pty) Ltd.,CN=Thawte SGC CA
- Certificate[1] info:
# valid since: Thu May 13 02:00:00 CEST 2004
# expires at: Tue May 13 01:59:59 CEST 2014
# fingerprint: 84:84:03:56:10:85:53:ED:9A:CA:60:B5:FA:99:D3:31
# Subject's DN: C=ZA,O=Thawte Consulting (Pty) Ltd.,CN=Thawte SGC CA
# Issuer's DN: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
- Peer's certificate is trusted
- Version: TLS 1.0
- Key Exchange: RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
...