[Help-gnutls] Re: libgnutls: Verifying certificate chains, disconnected

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Oct 19 14:45:31 CEST 2007


On Friday 19 October 2007, Colin Leroy wrote:

> > > Do you have any pointers for that?
> >
> > Check the source code for gnutls_certificate_verify_peers2, it
> > contains what you have to do externally.  I don't think there is a
> > better interface available.
>
> I've looked at it, but this code seems really closely interlaced with
> things done at session start, and I couldn't figure out how to get the
> certificates list starting from a gnutls_x509_crt...

I don't really understand what you want to do. Do you have certificates in 
gnutls_x509_crt structures and you want to verify them? Or do you have them 
in der (or pem) format and you want to import them to x509_crt structures?

We do certificate verification in certtool using the --verify-chain option, is 
this the functionality you are trying to achieve?

regards,
Nikos




