[Help-gnutls] Verifying peer's certificate: how to handle certificate ch

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Verifying peer's certificate: how to handle certificate ch

From:	Martin Lambers
Subject:	[Help-gnutls] Verifying peer's certificate: how to handle certificate chains?
Date:	Thu, 22 Apr 2004 23:18:10 +0200
User-agent:	Mutt/1.5.6i

Hello!

I'm currently using the example code from the documentation section
"Verifying peer's certificate" to verify certificates. A comment 
there says that "Real world programs should be able to handle 
certificate chains as well".

How? Must *every* certificate in the chain pass all tests (import, 
expiration time, activation time, and hostname), or is it sufficient 
that there is *one* certificate that passes all tests?

I assume *every* certificate must pass the import, expiration time, 
and activation time tests, but only *one* (the first in the chain??) 
must pass the hostname check. Is this correct?

Martin

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] Verifying peer's certificate: how to handle certificate chains?, Martin Lambers <=
- Re: [Help-gnutls] Verifying peer's certificate: how to handle certificate chains?, Nikos Mavroyanopoulos, 2004/04/23

Next by Date: Re: [Help-gnutls] Verifying peer's certificate: how to handle certificate chains?
Next by thread: Re: [Help-gnutls] Verifying peer's certificate: how to handle certificate chains?
Index(es):
- Date
- Thread