[gnutls-devel] GnuTLS | certtool --p7-verify does not mention expired certificates (#839)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Sep 27 12:22:09 CEST 2019
Dmitry Eremin-Solenikov created an issue: https://gitlab.com/gnutls/gnutls/issues/839
## Description of problem:
If one of the certificates in a chain is expired, `certtool --p7-verify` will just print that
```
Signature status: verification failed: Public key signature verification has failed.
```
without any additional information.
Compare this with `certtool --verify` output:
```
Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses expired certificate.
```
Which gives more precise information.
## Version of gnutls used:
3.6.9
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Debian
## How reproducible:
Steps to Reproduce:
* `certtool --p7-verify --infile outdated-data.sig --load-data outdated-data --inder -d 99 --load-ca-cert ../grfc.crt`