[gnutls-devel] [sr #108634] Getter functions for gnutls_certificate_credentials_t
nmav at gnu.org
Fri Sep 12 08:41:36 CEST 2014
On Wed, Sep 10, 2014 at 5:50 PM, Nikos Mavrogiannopoulos <nmav at gnu.org> wrote:
>> The value from the additional check is that I don't have to bug my users
>> with an extra dialog when the server has a certificate that is issued by
>> a trusted CA. Only when that is not the case do I resort to
>> trust-on-first-use. Then yes, an attacker could present an arbitrary
>> certificate; but if the user has connected to the server before already
>> it will detect that the certificate is different from the previous
>> connection attempt.
> Ok, I understand. I believe a small modification of the verification
> functions would allow such usage. I don't have much time for such a
> change but that could be added in 3.4.0 todo list.
I should have added here that if there is a patch, I'd review it, of
course (and something like that would speed up the process).
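The policy described in the quoted message (accept silently when the chain verifies against a trusted CA, otherwise fall back to trust-on-first-use pinning, and flag any change from the pin recorded on an earlier connection) is modelled below as an added, self-contained example; it is not GnuTLS code and not from this thread. In a real GnuTLS client the `ca_verified` input would come from `gnutls_certificate_verify_peers3()` and the in-memory `PinStore` could be replaced by `gnutls_verify_stored_pubkey()` / `gnutls_store_pubkey()`; the host names, ports, the `ask_user` callback and the byte strings standing in for DER certificates are all constructed for the demo.

```python
"""Model of a 'trusted CA first, trust-on-first-use (TOFU) second' peer
verification policy. Added example; not GnuTLS's own code.

Assumed inputs: `ca_verified` is the result of the normal chain check
(in GnuTLS, gnutls_certificate_verify_peers3()), `cert_der` is the DER
encoding of the peer's leaf certificate, and `ask_user` is whatever
dialog the application shows on a first connection.
"""
import hashlib
import hmac
from enum import Enum
from typing import Callable, Dict, Optional, Tuple


class Decision(Enum):
    ACCEPT_CA = "accept: chains to a trusted CA, no dialog shown"
    ACCEPT_PINNED = "accept: matches the pin stored on a previous connection"
    ACCEPT_FIRST_USE = "accept: first connection, user approved, pin stored"
    REJECT_FIRST_USE = "reject: first connection, user declined"
    REJECT_MISMATCH = "reject: certificate differs from the stored pin"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER certificate. Pinning the SubjectPublicKeyInfo
    instead would survive re-issuance with the same key; the whole
    certificate is pinned here to keep the example dependency-free."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """In-memory stand-in for the on-disk TOFU database, keyed by host and port."""

    def __init__(self) -> None:
        self._pins: Dict[Tuple[str, int], str] = {}

    def lookup(self, host: str, port: int) -> Optional[str]:
        return self._pins.get((host, port))

    def store(self, host: str, port: int, cert_der: bytes) -> None:
        self._pins[(host, port)] = fingerprint(cert_der)


AskUser = Callable[[str, int, str], bool]


def verify_peer(host: str, port: int, cert_der: bytes, ca_verified: bool,
                store: PinStore, ask_user: AskUser) -> Decision:
    # Step 1: a certificate issued by a trusted CA is accepted outright,
    # so the user is never bothered with a dialog in the common case.
    if ca_verified:
        return Decision.ACCEPT_CA

    # Step 2: TOFU fallback. First sight of this host/port: ask, then pin.
    seen = fingerprint(cert_der)
    stored = store.lookup(host, port)
    if stored is None:
        if ask_user(host, port, seen):
            store.store(host, port, cert_der)
            return Decision.ACCEPT_FIRST_USE
        return Decision.REJECT_FIRST_USE

    # Step 3: known host. Constant-time compare against the stored pin.
    # A mismatch is refused without re-prompting and without overwriting
    # the pin; replacing a pin is left to an explicit, out-of-band action.
    if hmac.compare_digest(stored, seen):
        return Decision.ACCEPT_PINNED
    return Decision.REJECT_MISMATCH


# Constructed stand-ins for DER certificates (not real X.509 data).
CERT_CA_ISSUED = b"\x30\x82\x01\x00" + b"A" * 32
CERT_SELF_SIGNED = b"\x30\x82\x01\x00" + b"B" * 32
CERT_OTHER = b"\x30\x82\x01\x00" + b"C" * 32


def demo() -> list:
    """Walk through the four situations the thread describes."""
    store = PinStore()
    approve: AskUser = lambda host, port, fp: True
    decline: AskUser = lambda host, port, fp: False
    return [
        # CA-issued certificate: accepted, dialog callback never consulted.
        verify_peer("mail.example", 993, CERT_CA_ISSUED, True, store, decline),
        # Self-signed certificate never seen before: user approves, pin stored.
        verify_peer("imap.example", 993, CERT_SELF_SIGNED, False, store, approve),
        # Same certificate on the next connection: accepted silently.
        verify_peer("imap.example", 993, CERT_SELF_SIGNED, False, store, decline),
        # Different certificate for the same host/port: rejected even though
        # the user would have approved a first-use dialog.
        verify_peer("imap.example", 993, CERT_OTHER, False, store, approve),
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision.value)
```

One consequence of this ordering worth noting when implementing it: a CA-verified connection never touches the pin store, so a server that later switches from a CA-issued to a self-signed certificate is treated as a first use and prompts the user rather than being flagged as a change.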