[Help-gnutls] CA cert verification
From: Daniel Stenberg
Subject: [Help-gnutls] CA cert verification
Date: Mon, 22 Aug 2005 09:56:45 +0200 (CEST)

Hi friends

I have a little problem with my GnuTLS-enabled libcurl and CA cert verifying a
server. If I build it with OpenSSL instead it succeeds (using the same CA cert
file I should say).

Can you perhaps point out an obvious flaw in this flow?

  gnutls_certificate_allocate_credentials()
  gnutls_certificate_set_x509_trust_file() - if a CA file has been provided
  gnutls_init()
  gnutls_set_default_priority()
  gnutls_certificate_type_set_priority()
  gnutls_credentials_set() - sets the cred with the CA file, afaik understood it
  gnutls_transport_set_ptr() - sets the file descriptor for the socket
  gnutls_handshake() - handshake, done non-blocking but I doubt that matters
  gnutls_certificate_get_peers()
  gnutls_certificate_verify_peers2() - this seems to always return error with
    the 'verify_status' integer (that the second argument points to) set to 66
    on exit.

How can I proceed to figure out why this happens?

This is using GnuTLS 1.2.0.

Trying 1.0.16 instead, I get verify_status return 130 instead.

This is easily testable using the curl command line tool:

  $ curl -v https://gmail.google.com/ --cacert /usr/share/curl/curl-ca-bundle.crt

(the CA cert path above comes from where Debian's curl install puts the CA
cert bundle)

--
-=- Daniel Stenberg -=- http://daniel.haxx.se -=-
ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
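
Added example, not part of the original post and not GnuTLS or curl code: the verify_status integer is a bitmask, so the two values reported above can be split into named flags. The bit values are those of gnutls_certificate_status_t in current gnutls.h, copied locally so this builds without GnuTLS; that 1.0.16 used the same values is an assumption, and decode_verify_status is a hypothetical helper name.

```c
#include <stdio.h>
#include <string.h>

/* Bit values of gnutls_certificate_status_t as found in <gnutls/gnutls.h>,
 * copied here (assumption: unchanged across the versions in the post). */
struct status_bit { unsigned int bit; const char *name; };

static const struct status_bit status_bits[] = {
    { 1u << 1, "GNUTLS_CERT_INVALID" },
    { 1u << 5, "GNUTLS_CERT_REVOKED" },
    { 1u << 6, "GNUTLS_CERT_SIGNER_NOT_FOUND" },
    { 1u << 7, "GNUTLS_CERT_SIGNER_NOT_CA" },
    { 1u << 8, "GNUTLS_CERT_INSECURE_ALGORITHM" },
};

/* Hypothetical helper: writes a '|'-separated list of the flags set in
 * `status` into `out` and returns the bits that matched no known flag.
 * A name that does not fit in `out` is dropped rather than truncated. */
unsigned int decode_verify_status(unsigned int status, char *out, size_t outlen)
{
    unsigned int unknown = status;
    size_t i, used = 0;

    if (outlen == 0)
        return status;
    out[0] = '\0';
    for (i = 0; i < sizeof status_bits / sizeof status_bits[0]; i++) {
        if (!(status & status_bits[i].bit))
            continue;
        unknown &= ~status_bits[i].bit;
        int n = snprintf(out + used, outlen - used, "%s%s",
                         used ? "|" : "", status_bits[i].name);
        if (n >= 0 && (size_t)n < outlen - used)
            used += (size_t)n;
        else
            out[used] = '\0';   /* undo the partial write */
    }
    return unknown;
}

int main(void)
{
    /* The two values from the post: GnuTLS 1.2.0 and 1.0.16. */
    unsigned int samples[] = { 66, 130 };
    char buf[160];

    for (size_t i = 0; i < 2; i++) {
        unsigned int rest = decode_verify_status(samples[i], buf, sizeof buf);
        printf("%u = %s (undecoded bits: 0x%x)\n", samples[i], buf, rest);
    }
    return 0;
}
```

GNUTLS_CERT_INVALID is the summary bit; the accompanying flag names the reason, which here points at how the issuer was looked up in the trust list rather than at the handshake.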