Checking CA expiration

Michael Welsh Duggan mwd at cert.org
Wed Oct 19 20:30:44 CEST 2011


In our code, we add CAs to our credentials using
gnutls_set_x509_trust_file.  In gnutls 2.x, we then get a list of the
CAs using gnutls_certificate_get_x509_cas which we then use to verify
that at least one of the CAs has not yet expired.  We want to do this
_before_ initiating a session.

Is this possible in gnutls 3.x?  gnutls_certificate_get_x509_cas has
gone away, supposedly in favor of gnutls_certificate_get_issuer(), but
that requires an existing session.

-- 
Michael Welsh Duggan
(mwd at cert.org)




More information about the Gnutls-help mailing list