[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: CA cert verification
From: |
Daniel Stenberg |
Subject: |
[Help-gnutls] Re: CA cert verification |
Date: |
Wed, 24 Aug 2005 09:33:13 +0200 (CEST) |
On Wed, 24 Aug 2005, Simon Josefsson wrote:
address@hidden:~$ gnutls-cli --x509cafile /usr/share/curl/curl-ca-bundle.crt
gmail.google.com
The key difference turns out to be:
gnutls_certificate_set_verify_flags(cred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
Which gnutls-cli sets and I didn't. When I use this, I can successfully verify
this server's certificate!
Perhaps the gnutls_certificate_verify_peers2() description in the docs could
hint about the possibility that this is needed?
Another little nit that is slightly related:
gnutls-cli uses the gnutls_certificate_verify_peers() function (alias, not the
*2 version), there are numerous references to this function in the docs but
there's no description for it... I take it the
gnutls_certificate_verify_peers2() is the one we should be using, but it would
probably be suitable if gnutls-cli was switched to use it and if the
references in the docs were updated as well.
--
-=- Daniel Stenberg -=- http://daniel.haxx.se -=-
ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
- [Help-gnutls] CA cert verification, Daniel Stenberg, 2005/08/22
- Re: [Help-gnutls] CA cert verification, Nikos Mavrogiannopoulos, 2005/08/23
- Re: [Help-gnutls] CA cert verification, Daniel Stenberg, 2005/08/23
- Re: [Help-gnutls] CA cert verification, Daniel Stenberg, 2005/08/23
- [Help-gnutls] Re: CA cert verification, Simon Josefsson, 2005/08/23
- [Help-gnutls] Re: CA cert verification, Daniel Stenberg, 2005/08/23
- [Help-gnutls] Re: CA cert verification,
Daniel Stenberg <=
- [Help-gnutls] Re: CA cert verification, Simon Josefsson, 2005/08/24
- Re: [Help-gnutls] Re: CA cert verification, Martin Lambers, 2005/08/24
- Re: [Help-gnutls] Re: CA cert verification, Nikos Mavrogiannopoulos, 2005/08/24
- Re: [Help-gnutls] Re: CA cert verification, Nikos Mavrogiannopoulos, 2005/08/24
- [Help-gnutls] Re: CA cert verification, Simon Josefsson, 2005/08/25