Re: GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT breaks certificate verification
From: Nikos Mavrogiannopoulos
Subject: Re: GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT breaks certificate verification
Date: Tue, 30 Oct 2012 15:17:43 +0100
On Tue, Oct 30, 2012 at 2:28 PM, Michal Suchanek <address@hidden> wrote:
>> Now for the issue you see. It is because you do not set the flag
>> GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. If you set this flag then unsorted
>> chains will be sorted prior to verification. The reason you see this
>> failure is because this flag is enabled by default on a credentials
>> structure, unless it is overridden by other flags as you do.
> So all the examples using gnutls_certificate_set_verify_flags are
> bogus because they replace the default flags and break the
> verification.
Which examples do you refer to? However, an update_flags may be
helpful indeed. I'll check it.
regards,
Nikos