help-gnutls

Re: Checking CA expiration


From: Nikos Mavrogiannopoulos
Subject: Re: Checking CA expiration
Date: Thu, 20 Oct 2011 09:34:07 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Icedove/3.1.13

On 10/19/2011 08:30 PM, Michael Welsh Duggan wrote:
> In our code, we add CAs to our credentials using
> gnutls_set_x509_trust_file.  In gnutls 2.x, we then get a list of the
> CAs using gnutls_certificate_get_x509_cas which we then use to verify
> that at least one of the CAs has not yet expired.  We want to do this
> _before_ initiating a session.
>
> Is this possible in gnutls 3.x?  gnutls_certificate_get_x509_cas has
> gone away, supposedly in favor of gnutls_certificate_get_issuer(), but
> that requires an existing session.

Why not use gnutls_x509_crt_list_import() or gnutls_x509_crt_list_import2() and traverse the list of the CAs? The access to the CA list in the credentials structure has been restricted to allow for future internal changes.

regards,
Nikos


