[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSM certificate prompt

From: Eli Zaretskii
Subject: Re: NSM certificate prompt
Date: Sat, 13 Dec 2014 20:01:59 +0200

> From: Michael Albinus <address@hidden>
> Date: Sat, 13 Dec 2014 18:06:37 +0100
> Cc: address@hidden
> In order not to create an infinite chain, there are so-called Root CAs,
> which are "known by default". If any chain ends in such a root
> certificate, you know that the initial certificate is true.
> The problem is to distribute and maintain such root
> certificates. Browsers have them built-in, but I don't believe Emacs
> (eww) shall do so.

GnuTLS on Windows uses the CertEnumCertificatesInStore API to retrieve
all the Root and Certification Authority certificates known to the
system.  I suppose at least IE uses the same API, so I wonder how come
GnuTLS fails to validate the certificates, while IE succeeds.

I guess some debugging is in order.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]