[Help-gnutls] Re: libgnutls: Verifying certificate chains, disconnected
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Oct 19 14:45:31 CEST 2007
On Friday 19 October 2007, Colin Leroy wrote:
> > > Do you have any pointers for that?
> >
> > Check the source code for gnutls_certificate_verify_peers2, it
> > contains what you have to do externally. I don't think if there is a
> > better interface available.
>
> I've looked at it, but this code seems really closely interlaced with
> things done at session start, and I couldn't figure out how to get the
> certificates list starting from a gnutls_x509_crt...
I don't really understand what you want to do. Do you have certificates in
gnutls_x509_crt structures and you want to verify them? Or do you have them
in der (or pem) format and you want to import them to x509_crt structures?
We do certificate verification in certtool using the --verify-chain option, is
this the functionality you are trying to achieve?
regards,
Nikos
More information about the Gnutls-help
mailing list