Verifying server certificate failed?!

Nikos Mavrogiannopoulos nmav at
Thu Mar 15 19:05:40 CET 2012

On 03/15/2012 04:19 PM, Sven Geggus wrote:

> So I definitely think gnutls should be more tolerant about

> certificates which are not in use but provided anyway.

I don't think this is a good idea. The protocol exactly specifies which
certificates should be present. It does not allow any kind of additional
information to be present so by providing it you violate the protocol.

On the practical side, a simpler parser allows for simpler code and
thus less bugs.


More information about the Gnutls-help mailing list