[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Checking expiry of my own certificates
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: Checking expiry of my own certificates |
|
Date: |
Mon, 07 Jun 2010 20:08:36 +0200 |
|
User-agent: |
Thunderbird 2.0.0.24 (X11/20100411) |
Michael Welsh Duggan wrote:
> On Mon, 7 Jun 2010 11:37:11 -0400, Simon Josefsson wrote:
>
>> Michael Welsh Duggan <address@hidden> writes:
>>
>>> However, we don't see a way to do that with the certificate/key
>>> pair that we load. gnutls_x509_crt_list_verify() looks close,
>>> however it does not check the activation/expiration times, and we
>>> haven't found a function that lets me get a certificate list from
>>> a gnutls_certificate_credentials_t structure.
>> Doesn't gnutls_x509_crt_list_verify check times? If I read the code for
>> gnutls_certificate_verify_peers2, it calls
>> _gnutls_x509_cert_verify_peers which calls gnutls_x509_crt_list_verify.
>> I can't find any time checks outside of that function.
>
> Yes, you are correct. gnutls_x509_crt_list_verify() does verify the
> times.
>
> I meant to write that gnutls_x509_crt_verify() does not the times.
>
> However, we are still confused on how to get from a
> gnutls_certificate_credentials_t struct to the list of certificates
> that we can pass to gnutls_x509_crt_list_verify().
You cannot. You can use gnutls_certificate_verify_peers2() to use that
list for verification, or you can load the trusted certificates
independently using gnutls_x509_crt_list_import().
regards,
Nikos