[Help-gnutls] Re: CA cert verification
Martin Lambers
marlam at marlam.de
Wed Aug 24 17:58:13 CEST 2005
On Wed, 24. Aug 2005, 12:15:52 +0200, Simon Josefsson wrote:
> Good idea, I added:
>
> * Note that some commonly used X.509 Certificate Authorities are
> * still using Version 1 certificates. If you want to accept them,
> * you need to call gnutls_certificate_set_verify_flags() with, e.g.,
> * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter.
What is the reason why Version 1 certificates are not accepted by
default? Is it safe to always set the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
flag?
Martin
More information about the Gnutls-help
mailing list