[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: trusted intermediate CAs
From: |
Simon Josefsson |
Subject: |
Re: trusted intermediate CAs |
Date: |
Wed, 12 Nov 2008 09:29:41 +0100 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux) |
Daniel Kahn Gillmor <address@hidden> writes:
> i think certtool(1) is problematic in that way, fwiw:
>
> -e, --verify-chain
> Verify a PEM encoded certificate chain. The last certificate in
> the chain must be a self signed one.
Btw, note that certtool -e does not use the same chain validation
algorithm as the GnuTLS library uses -- I believe certtool -e would have
rejected the faulty gnutls-sa-2008-3 chain.
/Simon
- Re: The _gnutls_x509_verify_certificate fix, (continued)
- Re: The _gnutls_x509_verify_certificate fix, Sam Varshavchik, 2008/11/10
- Re: The _gnutls_x509_verify_certificate fix, Werner Koch, 2008/11/11
- Re: The _gnutls_x509_verify_certificate fix, Simon Josefsson, 2008/11/11
- supporting out-of-process certificate validation [was: Re: The _gnutls_x509_verify_certificate fix], Daniel Kahn Gillmor, 2008/11/11
- Re: supporting out-of-process certificate validation, Simon Josefsson, 2008/11/12
- Re: supporting out-of-process certificate validation, Werner Koch, 2008/11/12
- Re: supporting out-of-process certificate validation, Simon Josefsson, 2008/11/12
- Re: supporting out-of-process certificate validation, Werner Koch, 2008/11/12
- trusted intermediate CAs [was: Re: The _gnutls_x509_verify_certificate fix], Daniel Kahn Gillmor, 2008/11/11
- Re: trusted intermediate CAs,
Simon Josefsson <=
- Re: trusted intermediate CAs, Daniel Kahn Gillmor, 2008/11/12
- Re: trusted intermediate CAs, Nikos Mavrogiannopoulos, 2008/11/12
- Re: trusted intermediate CAs, Daniel Kahn Gillmor, 2008/11/12
- Re: trusted intermediate CAs, Nikos Mavrogiannopoulos, 2008/11/13