[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Verifying peer's certificate: how to handle certificate ch
From: |
Martin Lambers |
Subject: |
[Help-gnutls] Verifying peer's certificate: how to handle certificate chains? |
Date: |
Thu, 22 Apr 2004 23:18:10 +0200 |
User-agent: |
Mutt/1.5.6i |
Hello!
I'm currently using the example code from the documentation section
"Verifying peer's certificate" to verify certificates. A comment
there says that "Real world programs should be able to handle
certificate chains as well".
How? Must *every* certificate in the chain pass all tests (import,
expiration time, activation time, and hostname), or is it sufficient
that there is *one* certificate that passes all tests?
I assume *every* certificate must pass the import, expiration time,
and activation time tests, but only *one* (the first in the chain??)
must pass the hostname check. Is this correct?
Martin
- [Help-gnutls] Verifying peer's certificate: how to handle certificate chains?,
Martin Lambers <=