[Help-gnutls] Re: gnutls_certificate_get_peers() and expired certs
Simon Josefsson
simon at josefsson.org
Mon May 26 14:27:07 CEST 2008
"Rainer Gerhards" <rgerhards at gmail.com> writes:
> Hi list,
>
> I have used gnutls_certificate_get_peers() with expired certificates.
> The validation check returned successfully. From the documentation it
> looks like this is expected behavior and I always must check this
> manually. Please let me know if my assumption is correct (I would like
> to implement in the best possible way and not use customer code where
> I can rely on the library itself).
Hi, yes, you need to check expiration dates yourself. See the examples
on how to do this:
http://www.gnu.org/software/gnutls/manual/html_node/Verifying-peer_0027s-certificate.html
/Simon
More information about the Gnutls-help
mailing list