"known in advance" public key authentication?

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Sun Nov 18 20:28:37 CET 2012

On 11/15/2012 10:12 PM, Florian Weimer wrote:

> * Nikos Mavrogiannopoulos:
>> On 11/07/2012 10:52 PM, Florian Weimer wrote:
>>> Make sure your certificates are valid X.509v3.  GNUTLS is extremely
>>> forgiving, and if you've got a widely deployed certificate which
>>> cannot be used with Java (for instance), this can be annoying.
>> What do you mean by valid X.509v3? I suppose even the authors of X.509
>> wouldn't even know what that means :) Anything we could improve?
> I managed to create a version 1 certificate with extensions. 8-/

Was that using certtool or by the API? If it is the former then it is
indeed a bug, but for the latter I don't know if it's worth the
complexity of the checks.


More information about the Gnutls-help mailing list