Verifying server certificate failed?!

Ted Zlatanov tzz at
Fri Mar 16 13:00:54 CET 2012

On Thu, 15 Mar 2012 19:05:40 +0100 Nikos Mavrogiannopoulos <nmav at> wrote: 

NM> On 03/15/2012 04:19 PM, Sven Geggus wrote:
>> So I definitely think gnutls should be more tolerant about
>> certificates which are not in use but provided anyway.

NM> I don't think this is a good idea. The protocol exactly specifies which
NM> certificates should be present. It does not allow any kind of additional
NM> information to be present so by providing it you violate the protocol.

NM> On the practical side, a simpler parser allows for simpler code and
NM> thus less bugs.

Could the error message be improved, if that doesn't complicate the code
too much?


More information about the Gnutls-help mailing list