[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Is gnutls using the shell model or the chain model for
From: |
Daniel Kahn Gillmor |
Subject: |
Re: [Help-gnutls] Is gnutls using the shell model or the chain model for a certificate validation |
Date: |
Thu, 06 Nov 2008 14:18:20 -0500 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux) |
On Thu 2008-11-06 07:38:28 -0500, Scott Schaeffner wrote:
> gnupgp contains a parameter to determine which of these two certificate
> validation models (shell or chain - --validation-model) shall be used
> (http://gnupg.org/documentation/manuals/gnupg/Certificate-Options.html).
To be clear, this gpg documentation is in the "GPGSM Options" section,
so it refers to the X.509 certificates, not OpenPGP certificates,
correct?
> I was looking into the gnutls manual and did not find a statement
> concerning the validation model that is being used.
I don't see any clear notes on the page you linked explaining
specifically what "shell" and "chain" mean in this context. However,
GnuTLS has several functions that can be used for X.509 certificate
validation:
http://www.gnu.org/software/gnutls/manual/html_node/Verifying-X_002e509-certificate-paths.html
http://www.gnu.org/software/gnutls/manual/html_node/X_002e509-certificate-functions.html
You should be able to use those functions to build a certificate
validation that meets your specific needs. What are you trying to do?
--dkg
pgpg2driF2Qb2.pgp
Description: PGP signature