[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Remove artificial constraint in _gnutls_x509_verify_certificate
From: |
Tomas Mraz |
Subject: |
Re: Remove artificial constraint in _gnutls_x509_verify_certificate |
Date: |
Wed, 03 Mar 2010 12:31:55 +0100 |
On Tue, 2010-03-02 at 22:34 +0100, Nikos Mavrogiannopoulos wrote:
> Tomas Mraz wrote:
> > Hi,
> > I was examining the current _gnutls_x509_verify_certificate() code and I
> > found that the code does not allow unconditionally accepting the site
> > certificate if it is on the trust list. I think that this is unnecessary
> > restriction which should be removed.
>
> Please elaborate. What is the scenario that wasn't working before and
> you believe you fixed with this patch?
For example when the site certificate is expired and/or uses unsafe
algorithm for its signature and you put it on the trusted list on client
to alleviate the problem.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb