[Help-gnutls] Verifying peer's certificate: how to handle certificate chains?
marlam at web.de
Thu Apr 22 23:18:10 CEST 2004
I'm currently using the example code from the documentation section
"Verifying peer's certificate" to verify certificates. A comment
there says that "Real world programs should be able to handle
certificate chains as well".
How? Must *every* certificate in the chain pass all tests (import,
expiration time, activation time, and hostname), or is it sufficient
that there is *one* certificate that passes all tests?
I assume *every* certificate must pass the import, expiration time,
and activation time tests, but only *one* (the first in the chain??)
must pass the hostname check. Is this correct?
More information about the Gnutls-help