bug#19404: 25.0.50; Gnus shows self-signed certificate warning when conn

From: Ivan Shmakov
Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane
Date: Fri, 19 Dec 2014 17:32:28 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

>>>>> David Engster <address@hidden> writes:
>>>>> Ivan Shmakov writes:
>>>>> David Engster <address@hidden> writes:


 >>> So my guess would be: use gnutls_x509_crt_get_dn2 or maybe
 >>> gnutls_x509_crt_get_subject and compare to
 >>> gnutls_certificate_get_issuer.  If equal -> self-signed.  But that
 >>> could be wrong.  Best place is to ask on the GnuTLS list.

 >> If anything, it’s the respective public key fingerprints that are to
 >> be compared.

 > Sorry, I don't get it.  Which respective public key fingerprints?
 > There's just one certificate.

        Public key fingerprint is a property of, well, the public key, –
        not the certificate.

        But I stand corrected; as it seems, while OpenPGP signatures –
        including those binding user IDs to public keys [1] – allow for
        the signer (issuer) to be identified with a “key ID” (the low
        64 bits SHA-1 of the respective public key’s fingerprint), X.509
        certificates do not offer such an option (e. g., [2].)

        So I guess we should indeed check the DNs.

[1] urn:ietf:rfc:4880, section 11.1 “Transferable Public Keys”.

FSF associate member #7257  np. The Talisman — Iron Maiden   … B6A0 230E 334A
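The check the message settles on (compare the certificate's issuer and subject DNs), shown as an added Python example that is not part of the original thread and does not use the GnuTLS API: it reads the two Name fields straight from the DER encoding and compares them byte for byte. Equal names only show that a certificate is self-issued; confirming it is self-signed still requires verifying its signature with its own public key. All helper names and the sample certificates are constructed for illustration.

```python
def tlv(tag, body):
    """DER-encode one element, using the long length form when needed."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        k = length & 0x7F
        if not 1 <= k <= 4:               # rejects the indefinite form, invalid in DER
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_subject(cert):
    """Return the raw DER (issuer, subject) Names of a certificate."""
    _, start, _ = read_tlv(cert, 0)       # Certificate ::= SEQUENCE
    _, pos, end = read_tlv(cert, start)   # TBSCertificate ::= SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(cert, pos)
        fields.append((tag, cert[pos:nxt]))
        pos = nxt
    if fields and fields[0][0] == 0xA0:   # optional [0] EXPLICIT version
        fields.pop(0)
    if len(fields) < 5 or fields[2][0] != 0x30 or fields[4][0] != 0x30:
        raise ValueError("not a TBSCertificate")
    return fields[2][1], fields[4][1]     # serial, sigalg, issuer, validity, subject

def is_self_issued(cert):
    issuer, subject = issuer_and_subject(cert)
    return issuer == subject              # byte-identical Names

def name(cn):  # constructed Name with a single commonName (OID 2.5.4.3)
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))

def sample_cert(issuer_cn, subject_cn):  # constructed skeleton: dummy key and signature
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"141219000000Z") + tlv(0x17, b"151219000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + name(issuer_cn)
              + validity + name(subject_cn) + tlv(0x30, alg + tlv(0x03, bytes(201))))
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(65)))
```

Byte-wise comparison is stricter than the name-matching rules of RFC 5280, so two Names that differ only in string type or case are treated here as different.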
