[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Checking expiry of my own certificates
From: |
Michael Welsh Duggan |
Subject: |
Re: Checking expiry of my own certificates |
Date: |
Mon, 7 Jun 2010 13:42:57 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.93 (gnu/linux) |
On Mon, 7 Jun 2010 11:37:11 -0400, Simon Josefsson wrote:
> Michael Welsh Duggan <address@hidden> writes:
>
>> However, we don't see a way to do that with the certificate/key
>> pair that we load. gnutls_x509_crt_list_verify() looks close,
>> however it does not check the activation/expiration times, and we
>> haven't found a function that lets me get a certificate list from
>> a gnutls_certificate_credentials_t structure.
>
> Doesn't gnutls_x509_crt_list_verify check times? If I read the code for
> gnutls_certificate_verify_peers2, it calls
> _gnutls_x509_cert_verify_peers which calls gnutls_x509_crt_list_verify.
> I can't find any time checks outside of that function.
Yes, you are correct. gnutls_x509_crt_list_verify() does verify the
times.
I meant to write that gnutls_x509_crt_verify() does not the times.
However, we are still confused on how to get from a
gnutls_certificate_credentials_t struct to the list of certificates
that we can pass to gnutls_x509_crt_list_verify().
Thanks.
--
Michael Welsh Duggan
(address@hidden)