gnuTLS issues

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Aug 27 17:54:12 CEST 2008


On Wed, Aug 27, 2008 at 5:46 PM, Simon Josefsson <simon at josefsson.org> wrote:
> Ah, no.  What I suggest is to remove the code to read PKCS#7 certificate
> chains in the gnutls_certificate_set_x509_key* functions.
>
> The current code hasn't worked since v0.9.0 and apparently nobody has
> missed it, see tests/set_pkcs7_cred.c for example code.  Storing
> certificate chains in PKCS#7 blobs is not what that standard is intended
> for.  Getting rid of the code may speed up loading certificate slightly,
> and will definitely improve code readability.
>
> The PKCS#7 functions used by certtool --p7-info are fine.
> What do you think?

ok then! I thought you were talking about the whole pkcs7 parsing functionality.

regards,
Nikos





More information about the Gnutls-devel mailing list