[gnutls-devel] Unable to trust server certificate instead of issueing CA
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Dec 4 18:40:49 CET 2014
On 12/04/2014 09:27 AM, Nikos Mavrogiannopoulos wrote:
> . Please feel free to point out any locations in the documentation
> that could be improved.
What do you think about propagating a warning out to the calling app if
any of the certs loaded by gnutls_certificate_set_x509_trust_file() has
(i'm not suggesting this is the only documentation change needed, i'm
just thinking through how to communicate this subtle semantic API shift
to users and downstream developers)
Do you think there's any additional interface that needs to be added to
gnutls-cli to load (<peername>,<peercert>) bindings, or should we expect
people to use --tofu for this purpose?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 949 bytes
Desc: OpenPGP digital signature
More information about the Gnutls-devel