|
From: | Matthias Wimmer |
Subject: | [Help-gnutls] Certificate verification when using OpenPGP certificates |
Date: | Wed, 14 Mar 2007 20:26:02 +0100 |
User-agent: | Thunderbird 1.5.0.10 (X11/20070307) |
Hi!Is there any example or documentation how to do certificate verification, if the peer used an OpenPGP key to authenticate? The OpenPGP example distributed with GnuTLS (ex-serv-pgp.c) does not do any verification.
I guess that I have to use gnutls_certificate_verify_peers2() first and if that succeeds, all that is left to do is to check if the OpenPGP key contains one ID that matches what I expect the peer to be. Do I have to check anything else? E.g. expiration of the key (as I would have to do with X.509 certificates, but there does not seem to be a function for that) or the self signature of the key (I'd expect that this might already been done by gnutls_certificate_verify_peers2())?
Matthias
[Prev in Thread] | Current Thread | [Next in Thread] |