List: gnutls-dev
Subject: Re: trusted intermediate CAs
From: "Nikos Mavrogiannopoulos" <n.mavrogiannopoulos () gmail ! com>
Date: 2008-11-13 15:31:41
Message-ID: c331d99a0811130731u27a17c9dr49034143c3096614 () mail ! gmail ! com
On Thu, Nov 13, 2008 at 1:27 AM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
>> the library doesn't export any high level verification function to
>> verify certificate chains.
>
> What about gnutls_x509_crt_list_verify() and
> gnutls_certificate_verify_peers2() ? The latter is used in src/srv.c
> and srv/cli.c, and I think it calls the former under the hood (using
> data from the TLS session to fill in the specific parameters).
>
> Those seem like high-level functions to verify certificate chains to
> me. Did you mean something else?
No. But they are not high level functions. There are no hooks to print
any useful information like certtool is printing for each verification.
> I think it would be really useful to have certtool reflect the
> internal workings of GnuTLS as closely as possible, not least for the
> sake of providing tools to help admins who are trying to debug/test
> GnuTLS-based applications.
I agree. We can add it as a todo item.
regards,
Nikos
_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/gnutls-devel