[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Re: libgnutls: Verifying certificate chains, disconnec
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: [Help-gnutls] Re: libgnutls: Verifying certificate chains, disconnected |
|
Date: |
Fri, 19 Oct 2007 15:45:31 +0300 |
|
User-agent: |
KMail/1.9.6 (enterprise 0.20070907.709405) |
On Friday 19 October 2007, Colin Leroy wrote:
> > > Do you have any pointers for that?
> >
> > Check the source code for gnutls_certificate_verify_peers2, it
> > contains what you have to do externally. I don't think if there is a
> > better interface available.
>
> I've looked at it, but this code seems really closely interlaced with
> things done at session start, and I couldn't figure out how to get the
> certificates list starting from a gnutls_x509_crt...
I don't really understand what you want to do. Do you have certificates in
gnutls_x509_crt structures and you want to verify them? Or do you have them
in der (or pem) format and you want to import them to x509_crt structures?
We do certificate verification in certtool using the --verify-chain option, is
this the functionality you are trying to achieve?
regards,
Nikos