supporting out-of-process certificate validation

Werner Koch wk at gnupg.org
Wed Nov 12 09:59:31 CET 2008


On Wed, 12 Nov 2008 09:27, simon at josefsson.org said:

> I think we can share many ideas and even code from GnuPG 2.x, so it
> would be useful if people familiar with that code helped us here.  (Hi

For a test you may use 

  $ dirmngr-client --validate y.crt
  dirmngr-client: certificate is valid

  $ dirmngr-client --validate x.crt
  dirmngr-client: validation of certificate failed: Certificate expired

This is a very simple tool which connects to the dirmngr and asks it to
validate a certificate by using dirmngr's own validation code.  It is
actually a debugging fature for the validation code.  Using the dirmngr
daemon has the advantage that it will cache certificates and validation
results and try to get missing certificates from other places.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.






More information about the Gnutls-devel mailing list