bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#19404: 25.0.50; Gnus shows self-signed certificate warning when conn


From: Ivan Shmakov
Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane
Date: Fri, 19 Dec 2014 17:32:28 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

>>>>> David Engster <address@hidden> writes:
>>>>> Ivan Shmakov writes:
>>>>> David Engster <address@hidden> writes:

[…]

 >>> So my guess would be: use gnutls_x509_crt_get_dn2 or maybe
 >>> gnutls_x509_crt_get_subject and compare to
 >>> gnutls_certificate_get_issuer.  If equal -> self-signed.  But that
 >>> could be wrong.  Best place is to ask on the GnuTLS list.

 >> If anything, it’s the respective public key fingerprints that are to
 >> be compared.

 > Sorry, I don't get it.  Which respective public key fingerprints?
 > There's just one certificate.

        Public key fingerprint is a property of, well, the public key, –
        not the certificate.

        But I stand corrected; as it seems, while OpenPGP signatures –
        including those binding user IDs to public keys [1] – allow for
        the signer (issuer) to be identified with a “key ID” (the low
        64 bits SHA-1 of the respective public key’s fingerprint), X.509
        certificates do not offer such an option (e. g., [2].)

        So I guess we should indeed check the DNs.

[1] urn:ietf:rfc:4880, section 11.1 “Transferable Public Keys”.
[2] 
https://cipherious.wordpress.com/2013/05/13/constructing-an-x-509-certificate-using-asn-1/

-- 
FSF associate member #7257  np. The Talisman — Iron Maiden   … B6A0 230E 334A





reply via email to

[Prev in Thread] Current Thread [Next in Thread]