help-gnutls

Re: GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT breaks certificate verification


From: Nikos Mavrogiannopoulos
Subject: Re: GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT breaks certificate verification
Date: Tue, 30 Oct 2012 14:22:02 +0100

On Tue, Oct 30, 2012 at 2:17 PM, Nikos Mavrogiannopoulos
<address@hidden> wrote:

> The GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is a dangerous flag and you
> shouldn't use it unless you really know the consequences. In short it
> means that an end-user certificate may pretend to be a CA.

Sorry, my comments were for the GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT
flag which you don't use. The flag GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
is enabled by default so you don't have to set it.

regards,
Nikos
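
The difference between the two flags in the message above, as an added example that is not part of the original post and is not GnuTLS code: a simplified model of the "may this certificate act as an issuer" decision. The `MODEL_*` names, the struct and the sample chains are constructed for illustration, and signatures are assumed valid.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Model flags: constructed values, not GnuTLS's numeric constants. */
enum {
    MODEL_ALLOW_V1_TRUSTED_CA = 1 << 0, /* GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT */
    MODEL_ALLOW_ANY_V1_CA     = 1 << 1  /* GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT */
};

struct model_cert {
    const char *name;
    int version;    /* 1 or 3 */
    bool basic_ca;  /* basicConstraints CA=TRUE; a v1 cert cannot carry it */
    bool trusted;   /* present in the local trust store */
};

/* May this certificate act as an issuer under the given flags? */
static bool may_issue(const struct model_cert *c, unsigned flags)
{
    if (c->version >= 3)
        return c->basic_ca;              /* v3: the extension decides */
    if (flags & MODEL_ALLOW_ANY_V1_CA)
        return true;                     /* any v1 cert passes as a CA */
    return c->trusted && (flags & MODEL_ALLOW_V1_TRUSTED_CA);
}

/* chain[0] is the leaf, chain[n-1] the root. Signatures are assumed valid. */
static bool chain_ok(const struct model_cert *chain, size_t n, unsigned flags)
{
    if (n < 2 || !chain[n - 1].trusted)
        return false;
    for (size_t i = 1; i < n; i++)
        if (!may_issue(&chain[i], flags))
            return false;
    return true;
}

/* Constructed sample chains. */
static const struct model_cert legacy_chain[] = {
    {"server", 3, false, false}, {"old v1 root", 1, false, true}};
static const struct model_cert end_user_as_ca_chain[] = {
    {"server", 3, false, false}, {"end-user v1 cert", 1, false, false},
    {"v3 root", 3, true, true}};
int main(void)
{
    printf("%d\n", chain_ok(end_user_as_ca_chain, 3, MODEL_ALLOW_V1_TRUSTED_CA));
    printf("%d\n", chain_ok(end_user_as_ca_chain, 3, MODEL_ALLOW_ANY_V1_CA));
    return 0;
}
```

With only the default flag the chain through the untrusted v1 certificate is rejected while a trusted v1 root still works; the "any" flag accepts both.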


