recommendations for storage of accepted certificates
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Oct 4 08:17:21 CEST 2010
2010/10/4 Ted Zlatanov <tzz at lifelogs.com>:
> NM> What do you mean by unknown server? Do you mean known but untrusted? In
> NM> any case gnutls doesn't provide such facility for any of them. It was
> NM> considered to be application specific (now I'm looking for a solution to
> NM> that using pkcs11, but wouldn't be available soon).
>
> Sorry for the badly phrased questions. Yes: I mean I connect to a known
> server but its certificate is not trusted (I let GnuTLS verify the
> certificate chain). Would I just look at the error and ask the user to
> accept the certificate and retry? I was hoping to do it during the
> handshake with a callback function.
You can do it during the handshake. There is a callback function that
provides you with the peer certificate and you can do verification there.
regards,
Nikos
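The thread's subject (where to keep certificates the user accepted) and the reply above (verify in the handshake callback) fit together as follows. This is an added example, not code from the thread or from GnuTLS: a small in-memory trust-on-first-use store, plus a GnuTLS verify callback that is compiled only when `<gnutls/gnutls.h>` is present. Every `tofu_*` name, the `mail.example` host and the four-byte "certificates" in the self-test are constructed for illustration; the GnuTLS calls used (`gnutls_certificate_set_verify_function`, `gnutls_session_set_ptr`, `gnutls_certificate_get_peers`, `gnutls_certificate_verify_peers2`) are the library's real API.

```c
/* Added example (not from the thread or GnuTLS): TOFU store for accepted
 * certificates + a GnuTLS handshake verify callback that consults it. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOFU_MAX_ENTRIES 16
#define TOFU_MAX_ID 4096      /* identity bytes kept per host (DER leaf cert) */

enum tofu_verdict {
    TOFU_MATCH,       /* same identity as recorded: accept */
    TOFU_FIRST_SEEN,  /* nothing recorded for this host: ask the user */
    TOFU_MISMATCH     /* recorded identity differs: refuse */
};

struct tofu_entry { char host[256]; unsigned char id[TOFU_MAX_ID]; size_t id_len; };
struct tofu_store { struct tofu_entry entries[TOFU_MAX_ENTRIES]; size_t count; };

static struct tofu_entry *tofu_find(struct tofu_store *s, const char *host)
{
    for (size_t i = 0; i < s->count; i++)
        if (strcmp(s->entries[i].host, host) == 0)
            return &s->entries[i];
    return NULL;
}

/* Compare the presented identity with the record for host. Stores nothing:
 * the caller decides what to do with the verdict. */
enum tofu_verdict tofu_check(struct tofu_store *s, const char *host,
                             const unsigned char *id, size_t id_len)
{
    const struct tofu_entry *e = tofu_find(s, host);
    if (e == NULL)
        return TOFU_FIRST_SEEN;
    return (e->id_len == id_len && memcmp(e->id, id, id_len) == 0)
           ? TOFU_MATCH : TOFU_MISMATCH;
}

/* Record an identity the user explicitly accepted. Returns 0, or -1 if the
 * host already has a record (a changed certificate must be an explicit,
 * separate operation), the store is full, or the identity does not fit. */
int tofu_remember(struct tofu_store *s, const char *host,
                  const unsigned char *id, size_t id_len)
{
    if (tofu_find(s, host) != NULL || s->count >= TOFU_MAX_ENTRIES ||
        id_len > TOFU_MAX_ID || strlen(host) >= sizeof s->entries[0].host)
        return -1;
    struct tofu_entry *e = &s->entries[s->count++];
    strcpy(e->host, host);
    memcpy(e->id, id, id_len);
    e->id_len = id_len;
    return 0;
}

#if defined(__has_include)
#  if __has_include(<gnutls/gnutls.h>)
#    include <gnutls/gnutls.h>
#    define TOFU_HAVE_GNUTLS 1
#  endif
#endif

#ifdef TOFU_HAVE_GNUTLS
struct tofu_verify_ctx {
    struct tofu_store *store;
    const char *host;                   /* the host the user meant to reach */
    int (*ask_user)(const char *host);  /* returns 1 if the user accepts */
};

/* Handshake-time callback. Install with
 *   gnutls_certificate_set_verify_function(cred, tofu_verify_cb);
 *   gnutls_session_set_ptr(session, &ctx);
 * GnuTLS calls it before the handshake completes; non-zero aborts it. */
int tofu_verify_cb(gnutls_session_t session)
{
    struct tofu_verify_ctx *ctx = gnutls_session_get_ptr(session);
    unsigned int status = 0, nchain = 0;
    const gnutls_datum_t *chain;

    if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
        return GNUTLS_E_CERTIFICATE_ERROR;
    chain = gnutls_certificate_get_peers(session, &nchain);
    if (chain == NULL || nchain == 0)
        return GNUTLS_E_CERTIFICATE_ERROR;
    /* Path 1: chain verifies against the configured CAs. */
    if (gnutls_certificate_verify_peers2(session, &status) == 0 && status == 0)
        return 0;
    /* Path 2: no CA trusts it; fall back to the remembered identity
     * (chain[0] is the DER-encoded leaf certificate). */
    switch (tofu_check(ctx->store, ctx->host, chain[0].data, chain[0].size)) {
    case TOFU_MATCH:
        return 0;
    case TOFU_FIRST_SEEN:
        if (ctx->ask_user != NULL && ctx->ask_user(ctx->host) &&
            tofu_remember(ctx->store, ctx->host, chain[0].data, chain[0].size) == 0)
            return 0;
        return GNUTLS_E_CERTIFICATE_ERROR;
    default:  /* TOFU_MISMATCH: the certificate changed, refuse */
        return GNUTLS_E_CERTIFICATE_ERROR;
    }
}
#endif

/* Offline exercise of the store with constructed bytes (not real certs).
 * Returns 0 when every verdict is as expected, else the failing step. */
int tofu_selftest(void)
{
    static struct tofu_store s;
    const unsigned char cert_a[] = {0x30, 0x82, 0x01, 0x0a};  /* constructed */
    const unsigned char cert_b[] = {0x30, 0x82, 0x02, 0x0b};  /* constructed */
    memset(&s, 0, sizeof s);
    if (tofu_check(&s, "mail.example", cert_a, sizeof cert_a) != TOFU_FIRST_SEEN) return 1;
    if (tofu_remember(&s, "mail.example", cert_a, sizeof cert_a) != 0) return 2;
    if (tofu_check(&s, "mail.example", cert_a, sizeof cert_a) != TOFU_MATCH) return 3;
    if (tofu_check(&s, "mail.example", cert_b, sizeof cert_b) != TOFU_MISMATCH) return 4;
    if (tofu_remember(&s, "mail.example", cert_b, sizeof cert_b) != -1) return 5;
    return 0;
}

int main(void)
{
    int rc = tofu_selftest();
    printf("tofu selftest: %s\n", rc == 0 ? "ok" : "FAILED");
    return rc;
}
```

Two design points worth noting. The store is never written by `tofu_check`, only by `tofu_remember` after an explicit user decision, and `tofu_remember` refuses to overwrite, so a changed certificate surfaces as `TOFU_MISMATCH` rather than being silently re-learned. Second, `gnutls_certificate_verify_peers2` checks the chain but not that the certificate names the host you connected to; a real client adds that check (for example with `gnutls_x509_crt_check_hostname` on the parsed leaf) before treating path 1 as a success.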