help-gnutls

Re: [Help-gnutls] Peer certificates not signed by any CA


From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] Peer certificates not signed by any CA
Date: Fri, 4 Jun 2010 13:40:25 +0200

On Fri, Jun 4, 2010 at 10:49 AM, Florian Weimer <address@hidden> wrote:
> * Nikos Mavrogiannopoulos:
>
>>> May I assume that the first certificate returned by
>>> gnutls_certificate_get_peers contains public key material which
>>> actually corresponds to the private key material which was used to
>>> establish the session?
>
>> No. That would be the last certificate in the chain.
>
> But the documentation says:
>
>     Get the peer's raw certificate (chain) as sent by the peer.  These
>     certificates are in raw format (DER encoded for X.509).  In case of
>     a X.509 then a certificate list may be present.  The first
>     certificate in the list is the peer's certificate, following the
>     issuer's certificate, then the issuer's issuer etc.
> So which one is correct? 8-)

The documentation is correct. Did I really say the thing above? :)

regards,
Nikos
