[Help-gnutls] Re: CA cert verification

Martin Lambers marlam at marlam.de
Wed Aug 24 17:58:13 CEST 2005


On Wed, 24. Aug 2005, 12:15:52 +0200, Simon Josefsson wrote:
> Good idea, I added:
> 
>   * Note that some commonly used X.509 Certificate Authorities are
>   * still using Version 1 certificates.  If you want to accept them,
>   * you need to call gnutls_certificate_set_verify_flags() with, e.g.,
>   * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter.

What is the reason why Version 1 certificates are not accepted by
default? Is it safe to always set the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
flag?

Martin





More information about the Gnutls-help mailing list