[gnutls-devel] GnuTLS | certtool --p7-verify does not mention expired certificates (#839)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Sep 27 12:22:09 CEST 2019



Dmitry Eremin-Solenikov created an issue: https://gitlab.com/gnutls/gnutls/issues/839



## Description of problem:

If one of the certificates in a chain is expired, `certtool --p7-verify` will just print that
```
	Signature status: verification failed: Public key signature verification has failed.
```
without any additional information.

Compare this with `certtool --verify` output:
```
Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses expired certificate. 
```

Which gives more precise information.

## Version of gnutls used:
3.6.9

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Debian

## How reproducible:

Steps to Reproduce:

 * `certtool --p7-verify --infile outdated-data.sig  --load-data outdated-data  --inder -d 99 --load-ca-cert ../grfc.crt`
