Re: Remove artificial constraint in _gnutls_x509_verify

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remove artificial constraint in _gnutls_x509_verify_certificate

From:	Tomas Mraz
Subject:	Re: Remove artificial constraint in _gnutls_x509_verify_certificate
Date:	Wed, 03 Mar 2010 12:31:55 +0100

On Tue, 2010-03-02 at 22:34 +0100, Nikos Mavrogiannopoulos wrote: 
> Tomas Mraz wrote:
> > Hi,
> > I was examining the current _gnutls_x509_verify_certificate() code and I
> > found that the code does not allow unconditionally accepting the site
> > certificate if it is on the trust list. I think that this is unnecessary
> > restriction which should be removed.
> 
> Please elaborate. What is the scenario that wasn't working before and
> you believe you fixed with this patch?

For example when the site certificate is expired and/or uses unsafe
algorithm for its signature and you put it on the trusted list on client
to alleviate the problem.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

[Prev in Thread]

Current Thread

[Next in Thread]

Remove artificial constraint in _gnutls_x509_verify_certificate, Tomas Mraz, 2010/03/02
- Re: Remove artificial constraint in _gnutls_x509_verify_certificate, Nikos Mavrogiannopoulos, 2010/03/02
  - Re: Remove artificial constraint in _gnutls_x509_verify_certificate, Tomas Mraz <=
    - Re: Remove artificial constraint in _gnutls_x509_verify_certificate, Nikos Mavrogiannopoulos, 2010/03/07

Prev by Date: Re: Another renegotiation patch
Next by Date: Re: Another renegotiation patch
Previous by thread: Re: Remove artificial constraint in _gnutls_x509_verify_certificate
Next by thread: Re: Remove artificial constraint in _gnutls_x509_verify_certificate
Index(es):
- Date
- Thread