[Help-gnutls] Certificate verification when using OpenPGP certificates

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Certificate verification when using OpenPGP certificates

From:	Matthias Wimmer
Subject:	[Help-gnutls] Certificate verification when using OpenPGP certificates
Date:	Wed, 14 Mar 2007 20:26:02 +0100
User-agent:	Thunderbird 1.5.0.10 (X11/20070307)

Hi!

Is there any example or documentation how to do certificateverification, if the peer used an OpenPGP key to authenticate? TheOpenPGP example distributed with GnuTLS (ex-serv-pgp.c) does not do anyverification.

I guess that I have to use gnutls_certificate_verify_peers2() first andif that succeeds, all that is left to do is to check if the OpenPGP keycontains one ID that matches what I expect the peer to be.Do I have to check anything else? E.g. expiration of the key (as I wouldhave to do with X.509 certificates, but there does not seem to be afunction for that) or the self signature of the key (I'd expect thatthis might already been done by gnutls_certificate_verify_peers2())?


Matthias

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] Certificate verification when using OpenPGP certificates, Matthias Wimmer <=
- [Help-gnutls] Re: Certificate verification when using OpenPGP certificates, Simon Josefsson, 2007/03/15
- [Help-gnutls] Certificate verification when using OpenPGP certificates, Matthias Wimmer, 2007/03/14

Prev by Date: [Help-gnutls] Re: Error making certificate
Next by Date: [Help-gnutls] Certificate verification when using OpenPGP certificates
Previous by thread: [Help-gnutls] gnutls_x509_crt_set_version documentation suggestion
Next by thread: [Help-gnutls] Re: Certificate verification when using OpenPGP certificates
Index(es):
- Date
- Thread