[Help-gnutls] Re: Certs directory for peer certificate validation
Simon Josefsson
jas at extundo.com
Mon May 15 14:05:45 CEST 2006
Albert Chin <help-gnutls at mlists.thewrittenword.com> writes:
> OpenSSL has a directory and path for certificates in PEM format used
> to verify a peer certificate (i.e. CAfile and CApath). Does GnuTLS
> have similar functionality?
GnuTLS does not support reading all files in a directory, but it
supports reading CA certificates in PEM format from a file, see
gnutls_certificate_set_x509_trust_file(). You'll call
gnutls_certificate_verify_peers2() to use it.
IIRC, the file may contain more than one CA certificate, so you should
be able to 'cat /somewhere/openssl/somewhere/* > gnutls-cas.pem' and
use that file, or similar
Regards,
Simon
More information about the Gnutls-help
mailing list