[Help-gnutls] Re: Certs directory for peer certificate validation

Simon Josefsson jas at extundo.com
Mon May 15 14:05:45 CEST 2006


Albert Chin <help-gnutls at mlists.thewrittenword.com> writes:

> OpenSSL has a directory and path for certificates in PEM format used
> to verify a peer certificate (i.e. CAfile and CApath). Does GnuTLS
> have similar functionality?

GnuTLS does not support reading all files in a directory, but it
supports reading CA certificates in PEM format from a file, see
gnutls_certificate_set_x509_trust_file().  You'll call
gnutls_certificate_verify_peers2() to use it.

IIRC, the file may contain more than one CA certificate, so you should
be able to 'cat /somewhere/openssl/somewhere/* > gnutls-cas.pem' and
use that file, or similar.

Regards,
Simon
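
The concatenation suggested in the message above, as a shell function that goes a step beyond plain `cat`: it copies only CERTIFICATE blocks and re-terminates every line, so stray keys or a file without a final newline cannot corrupt the bundle. This is an added example, not part of the original post or of GnuTLS; the name `build_ca_bundle` and its arguments are hypothetical, and the output file is what would be passed to gnutls_certificate_set_x509_trust_file().

```shell
#!/bin/sh
# build_ca_bundle DIR OUT  (hypothetical helper, not a GnuTLS tool)
# Concatenate every PEM certificate found in DIR into the single file OUT.
# Assumption: OUT lives outside DIR, otherwise an old bundle would be re-read.
# Prints the number of certificates written; returns 1 if none were found.
build_ca_bundle() {
    dir=$1
    out=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    tmp="$out.tmp.$$"
    : > "$tmp" || return 2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue      # skip subdirectories and an unmatched glob
        # Copy only CERTIFICATE blocks: private keys, CRLs and free text are
        # dropped. awk's print ends every line with "\n", so a file lacking a
        # final newline cannot fuse its END line with the next BEGIN line.
        awk '
            /^-----BEGIN CERTIFICATE-----/ { inside = 1 }
            inside { sub(/\r$/, ""); print }
            /^-----END CERTIFICATE-----/   { inside = 0 }
        ' "$f" >> "$tmp" || { rm -f "$tmp"; return 2; }
    done
    # grep -c exits non-zero on zero matches; keep that from aborting callers.
    count=$(grep -c '^-----BEGIN CERTIFICATE-----' "$tmp" || true)
    if [ "$count" -eq 0 ]; then
        echo "no certificates found in $dir" >&2
        rm -f "$tmp"
        return 1
    fi
    # Write to a temporary file and rename, so OUT is never left half-written.
    mv "$tmp" "$out" || return 2
    echo "$count"
}
```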





