emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network security manager


From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 23:37:40 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux)

Toke Høiland-Jørgensen <address@hidden> writes:

> Well, according to the documentation:
> http://www.gnutls.org/manual/html_node/Verifying-X_002e509-certificate-paths.html
>
> GNUTLS_CERT_SIGNER_NOT_CA means:
>
>     "The certificate’s signer was not a CA. This may happen if this was
>     a version 1 certificate, which is common with some CAs, or a version
>     3 certificate without the basic constrains extension."
>
> Whereas GNUTLS_CERT_SIGNER_NOT_FOUND is the common "we don't trust
> whoever signed this". So I'd think that GNUTLS_CERT_SIGNER_NOT_FOUND
> would be returned for all self-signed certificates, and possibly
> GNUTLS_CERT_SIGNER_NOT_CA in addition. If GNUTLS_CERT_SIGNER_NOT_CA is
> returned for a legitimately signed certificate (from the trust store),
> the CA is probably doing something wrong.

Right.  I've now tweaked the values returned so that we get the
:self-signed error for SIGNER_NOT_FOUND, which should make more sense to
the user.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no



reply via email to

[Prev in Thread] Current Thread [Next in Thread]