Re: Security implications of (not using) GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
From: Nikos Mavrogiannopoulos
Subject: Re: Security implications of (not using) GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
Date: Mon, 21 Jun 2010 13:45:41 +0200
On Mon, Jun 21, 2010 at 1:23 PM, Lars Noschinski
<address@hidden> wrote:
>> The GNUTLS_VERIFY_DO_NOT_ALLOW_SAME is a flag to make the trusted
>> certificate list a list that can only certify other keys. That is, it
>> will not allow a certificate from this list to be used as a server
>> certificate. So how it works depends on your usage of this list. If
>> you add end server certificates there, maybe
>> GNUTLS_VERIFY_DO_NOT_ALLOW_SAME is not a good option for you. But for
>> other uses it is quite sensible.
> Ok. But in this case, the behaviour I observed seems to be indeed a bug
> in gnutls, as my certificate list did not contain the server's
> certificate, but only the CA certificates.
Then please send me something I can reproduce (such as the smallest
possible list that I can use to verify the problem and how I can
verify it).
regards,
Nikos