Remove artificial constraint in _gnutls_x509_verify_certificate
Tomas Mraz
tmraz at redhat.com
Wed Mar 3 12:31:55 CET 2010
On Tue, 2010-03-02 at 22:34 +0100, Nikos Mavrogiannopoulos wrote:
> Tomas Mraz wrote:
> > Hi,
> > I was examining the current _gnutls_x509_verify_certificate() code and I
> > found that the code does not allow unconditionally accepting the site
> > certificate if it is on the trust list. I think that this is unnecessary
> > restriction which should be removed.
>
> Please elaborate. What is the scenario that wasn't working before and
> you believe you fixed with this patch?
For example when the site certificate is expired and/or uses unsafe
algorithm for its signature and you put it on the trusted list on client
to alleviate the problem.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the Gnutls-devel
mailing list