[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Peer certificates not signed by any CA
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: [Help-gnutls] Peer certificates not signed by any CA |
Date: |
Fri, 4 Jun 2010 13:40:25 +0200 |
On Fri, Jun 4, 2010 at 10:49 AM, Florian Weimer <address@hidden> wrote:
> * Nikos Mavrogiannopoulos:
>
>>> May I assume that the first certificate returned by
>>> gnutls_certifcate_get_peers contains public key material which
>>> actually corresponds to the private key material which was used to
>>> establish the ssession?
>
>> No. That would be the last certificate in the chain.
>
> But the documentation says:
>
> Get the peer's raw certificate (chain) as sent by the peer. These
> certificates are in raw format (DER encoded for X.509). In case of
> a X.509 then a certificate list may be present. The first
> certificate in the list is the peer's certificate, following the
> issuer's certificate, then the issuer's issuer etc.
> So which one is correct? 8-)
The documentation is correct. Did I really say the thing above? :)
regards,
Nikos