"known in advance" public key authentication?
fw at deneb.enyo.de
Sun Nov 18 20:53:23 CET 2012
* Nikos Mavrogiannopoulos:
>>> What do you mean by valid X.509v3? I suppose even the authors of X.509
>>> wouldn't even know what that means :) Anything we could improve?
>> I managed to create a version 1 certificate with extensions. 8-/
> Was that using certtool or by the API? If it is the former then it is
> indeed a bug, but for the latter I don't know if it's worth the
> complexity of the checks.
No, it was using the APIs.
It might sense to add a best-effort certificate sanity checking
function, with explicit warning that future versions might impose
tighter checks. I have to think about it.
More information about the Gnutls-help