[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GnuTLS and certificate verification
From: |
Julien Danjou |
Subject: |
GnuTLS and certificate verification |
Date: |
Thu, 06 Sep 2012 00:13:06 +0200 |
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.2.50 (gnu/linux) |
Hi,
I'd like gnutls to check that the server I connect to are trusted. Using
Gnus and smtpmail, currently, the check is disable because
the argument :verify-hostname-error to `gnutls-negotiate' is always nil.
It seems nothing uses it for now.
I wonder if adding a global defcustom would be helpful here. WDYT?
OTOH, I've tried to set it manually to t, and I added my CA to the know
certificates. gnutls-bin is now happy to connect to my IMAP server and
considers it secure ("Peer's certificate is trusted"). But with
gnutls.c, I keep hitting:
if (peer_verification & GNUTLS_CERT_SIGNER_NOT_FOUND)
GNUTLS_LOG2 (1, max_log_level, "certificate signer was not found:",
c_hostname);
Note that the trustfile used seems correct too.
If anybody has a clue, I'd be glad…
--
Julien Danjou
/* Free Software hacker & freelance
http://julien.danjou.info */
pgpfc9gB94r8f.pgp
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- GnuTLS and certificate verification,
Julien Danjou <=