Re: [Help-gnutls] Verifying peer's certificate: how to handle certificat

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnutls] Verifying peer's certificate: how to handle certificat

From:	Nikos Mavroyanopoulos
Subject:	Re: [Help-gnutls] Verifying peer's certificate: how to handle certificate chains?
Date:	Fri, 23 Apr 2004 09:39:26 +0300
User-agent:	KMail/1.6.1

On Friday 23 April 2004 00:18, Martin Lambers wrote:
> Hello!

> I'm currently using the example code from the documentation section
> "Verifying peer's certificate" to verify certificates. A comment
> there says that "Real world programs should be able to handle
> certificate chains as well".
> I assume *every* certificate must pass the import, expiration time,
> and activation time tests, but only *one* (the first in the chain??)
> must pass the hostname check. Is this correct?
Yes this is correct. The first certificate in the chain belongs to the host.
The other certificates belong to intermediate CAs that certified that host.

> Martin

-- 
Nikos Mavroyanopoulos

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] Verifying peer's certificate: how to handle certificate chains?, Martin Lambers, 2004/04/22
- Re: [Help-gnutls] Verifying peer's certificate: how to handle certificate chains?, Nikos Mavroyanopoulos <=

Prev by Date: [Help-gnutls] Verifying peer's certificate: how to handle certificate chains?
Next by Date: [Help-gnutls] Self-signed certificates vs Opera
Previous by thread: [Help-gnutls] Verifying peer's certificate: how to handle certificate chains?
Next by thread: [Help-gnutls] Self-signed certificates vs Opera
Index(es):
- Date
- Thread