[gnutls-devel] [sr #108634] Getter functions for gnutls_certificate_credentials_t

Armin Burgmeier armin at arbur.net
Fri Sep 12 17:10:21 CEST 2014


On Fri, 2014-09-12 at 08:41 +0200, Nikos Mavrogiannopoulos wrote:
> On Wed, Sep 10, 2014 at 5:50 PM, Nikos Mavrogiannopoulos <nmav at gnu.org> wrote:
> >> The value from the additional check is that I don't have to bug my users
> >> with an extra dialog when the server has a certificate that is issued by
> >> a trusted CA. Only when that is not the case I resort to
> >> trust-on-first-use. Then yes, an attacker could present an arbitrary
> >> certificate; but if the user has connected to the server before already
> >> it will detect that the certificate is different from the previous
> >> connection attempt.
> > Ok, I understand. I believe a small modification of the verification
> > functions would allow such usage. I don't have much time for such a
> > change but that could be added in 3.4.0 todo list.
> 
> I should have added here, that if there is a patch, I'd review it of
> course (and something like that would speed up the process).

Yes, I'll try to come up with a patch.

While trying to build from git master I noticed that in commit 469f8fb
you added pkcs11x.c to lib/Makefile.am, however that file does not exist
in the repository... did you maybe forget to git add it?

Cheers,
Armin
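
The policy discussed in the quoted text above (accept silently when a trusted CA issued the certificate, otherwise fall back to trust-on-first-use and flag a changed certificate), sketched as an added example that is not part of the original message or of GnuTLS. All type and function names are hypothetical, and the caller is assumed to supply the CA verification result and the peer's key bytes.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration: every name below is hypothetical, not GnuTLS API. */
enum verdict { ACCEPT_CA, ACCEPT_PINNED, PROMPT_FIRST_USE, REJECT_CHANGED };

#define MAX_PINS 16
#define MAX_KEY 512
struct pin { char host[64]; unsigned char key[MAX_KEY]; size_t len; };
struct pin_store { struct pin pins[MAX_PINS]; size_t count; };

static struct pin *find_pin(struct pin_store *s, const char *host) {
    for (size_t i = 0; i < s->count; i++)
        if (strcmp(s->pins[i].host, host) == 0) return &s->pins[i];
    return NULL;
}

/* ca_ok is the caller's result of ordinary CA chain and hostname checking. */
enum verdict check_peer(struct pin_store *s, const char *host, int ca_ok,
                        const unsigned char *key, size_t len) {
    if (ca_ok) return ACCEPT_CA;              /* trusted CA: no dialog */
    struct pin *p = find_pin(s, host);
    if (p == NULL) return PROMPT_FIRST_USE;   /* never seen: ask the user */
    if (p->len == len && memcmp(p->key, key, len) == 0) return ACCEPT_PINNED;
    return REJECT_CHANGED;                    /* differs from earlier connection */
}

/* Call only after the user approved a PROMPT_FIRST_USE; 0 on success. */
int remember_peer(struct pin_store *s, const char *host,
                  const unsigned char *key, size_t len) {
    if (find_pin(s, host) || s->count == MAX_PINS || len > MAX_KEY ||
        strlen(host) >= sizeof s->pins[0].host) return -1;
    struct pin *p = &s->pins[s->count++];
    strcpy(p->host, host);
    memcpy(p->key, key, len);
    p->len = len;
    return 0;
}

int main(void) {
    static struct pin_store store;                  /* zero-initialised */
    const unsigned char k1[] = {0x30, 0x82, 0x01};  /* constructed bytes */
    const unsigned char k2[] = {0x30, 0x82, 0x02};  /* constructed bytes */
    printf("%d\n", check_peer(&store, "host.example", 0, k1, sizeof k1));
    remember_peer(&store, "host.example", k1, sizeof k1);
    printf("%d\n", check_peer(&store, "host.example", 0, k2, sizeof k2));
    return 0;
}
```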