[gnutls-devel] GnuTLS | Check key purpose on gnutls_certificate_verify_peers3/2 (#808)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Jul 29 10:04:10 CEST 2019




Nikos Mavrogiannopoulos commented:


The key purpose referenced above is:
```
   id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
   -- TLS WWW server authentication
   -- Key usage bits that may be consistent: digitalSignature,
   -- keyEncipherment or keyAgreement

   id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
   -- TLS WWW client authentication
   -- Key usage bits that may be consistent: digitalSignature
   -- and/or keyAgreement
```

Note that I may be mistaken on that request since this is specific about `WWW` client and server auth, and not general authentication.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/808#note_196920887
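
The following is an added example, not part of the original comment and not GnuTLS code: a minimal C walk over the DER value of an extendedKeyUsage extension that reports whether the two purposes quoted above are present. The flag names, function names and sample bytes are this example's own and are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Flags and names below belong to this example, not to GnuTLS. */
enum { KP_SERVER_AUTH = 1, KP_CLIENT_AUTH = 2, KP_OTHER = 4 };

/* DER content octets of id-kp (1.3.6.1.5.5.7.3); one more arc names the purpose. */
static const unsigned char ID_KP[] = { 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03 };

/* Constructed sample: extension value listing serverAuth, then clientAuth. */
static const unsigned char SAMPLE_EKU[] = {
    0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
                0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02 };

/* Map one OID's content octets to a purpose flag. */
static int classify_oid(const unsigned char *oid, size_t n)
{
    if (n != sizeof(ID_KP) + 1 || memcmp(oid, ID_KP, sizeof(ID_KP)) != 0)
        return KP_OTHER;
    if (oid[n - 1] == 1) return KP_SERVER_AUTH;   /* { id-kp 1 } */
    if (oid[n - 1] == 2) return KP_CLIENT_AUTH;   /* { id-kp 2 } */
    return KP_OTHER;
}

/* Walk a DER ExtKeyUsageSyntax (SEQUENCE OF OBJECT IDENTIFIER) and return the
 * OR of the purpose flags found, or -1 if malformed. Only short-form lengths
 * (< 128 octets) are accepted, and an empty list is rejected. */
int eku_purposes(const unsigned char *der, size_t len)
{
    int mask = 0;
    size_t pos = 2;

    if (len < 2 || der[0] != 0x30 || der[1] >= 0x80 || (size_t)der[1] != len - 2)
        return -1;
    while (pos < len) {
        size_t n;
        if (len - pos < 2 || der[pos] != 0x06 || der[pos + 1] >= 0x80)
            return -1;
        n = der[pos + 1];
        pos += 2;
        if (n == 0 || n > len - pos)
            return -1;
        mask |= classify_oid(der + pos, n);
        pos += n;
    }
    return mask ? mask : -1;
}

int main(void)
{
    return eku_purposes(SAMPLE_EKU, sizeof SAMPLE_EKU) == (KP_SERVER_AUTH | KP_CLIENT_AUTH) ? 0 : 1;
}
```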