[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: recommendations for storage of accepted certificates
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: recommendations for storage of accepted certificates |
Date: |
Mon, 4 Oct 2010 08:17:21 +0200 |
2010/10/4 Ted Zlatanov <address@hidden>:
> NM> What do you mean by unknown server? Do you mean known but untrusted? In
> NM> any case gnutls doesn't provide such facility for any of them. It was
> NM> considered to be application specific (now I'm looking for a solution to
> NM> that using pkcs11, but wouldn't be available soon).
>
> Sorry for the badly phrased questions. Yes: I mean I connect to a known
> server but its certificate is not trusted (I let GnuTLS verify the
> certificate chain). Would I just look at the error and ask the user to
> accept the certificate and retry? I was hoping to do it during the
> handshake with a callback function.
You can do it during the handshake. There is a callback function that
provides you with the peer certificate and you can do verification there.
regards,
Nikos
- recommendations for storage of accepted certificates, Ted Zlatanov, 2010/10/01
- Re: recommendations for storage of accepted certificates, Nikos Mavrogiannopoulos, 2010/10/02
- Re: recommendations for storage of accepted certificates, Ted Zlatanov, 2010/10/02
- Re: recommendations for storage of accepted certificates, Nikos Mavrogiannopoulos, 2010/10/03
- Re: recommendations for storage of accepted certificates, Nikos Mavrogiannopoulos, 2010/10/03
- Re: recommendations for storage of accepted certificates, Ted Zlatanov, 2010/10/03
- Re: recommendations for storage of accepted certificates,
Nikos Mavrogiannopoulos <=
- Re: recommendations for storage of accepted certificates, Ted Zlatanov, 2010/10/05
- Re: recommendations for storage of accepted certificates, Nikos Mavrogiannopoulos, 2010/10/07
- Re: recommendations for storage of accepted certificates, Ted Zlatanov, 2010/10/07