"known in advance" public key authentication?
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Sun Nov 18 20:28:37 CET 2012
On 11/15/2012 10:12 PM, Florian Weimer wrote:
> * Nikos Mavrogiannopoulos:
>
>> On 11/07/2012 10:52 PM, Florian Weimer wrote:
>>
>>
>>> Make sure your certificates are valid X.509v3. GNUTLS is extremely
>>> forgiving, and if you've got a widely deployed certificate which
>>> cannot be used with Java (for instance), this can be annoying.
>
>> What do you mean by valid X.509v3? I suppose even the authors of X.509
>> wouldn't even know what that means :) Anything we could improve?
>
> I managed to create a version 1 certificate with extensions. 8-/
Was that using certtool or by the API? If it is the former then it is
indeed a bug, but for the latter I don't know if it's worth the
complexity of the checks.
regards,
Nikos
More information about the Gnutls-help
mailing list