"known in advance" public key authentication?

Florian Weimer fw at deneb.enyo.de
Sun Nov 18 20:53:23 CET 2012

* Nikos Mavrogiannopoulos:

>>> What do you mean by valid X.509v3? I suppose even the authors of X.509
>>> wouldn't even know what that means :) Anything we could improve?
>> I managed to create a version 1 certificate with extensions. 8-/

> Was that using certtool or by the API? If it is the former then it is
> indeed a bug, but for the latter I don't know if it's worth the
> complexity of the checks.

No, it was using the APIs.

It might make sense to add a best-effort certificate sanity checking
function, with an explicit warning that future versions might impose
tighter checks.  I have to think about it.
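
An added example, not part of the original message and not GnuTLS code: a best-effort check for the case discussed in this thread, a certificate whose version is v1 but which carries extensions. RFC 5280 allows extensions only in v3 and unique identifiers only in v2 or v3. The function names and the constructed sample certificate are assumptions made for illustration.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV at pos (single-byte tags)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def check_version_fields(cert_der):
    """Best-effort check; returns a list of problems (empty if none found)."""
    tag, cert, _ = read_tlv(cert_der, 0)
    tbs_tag, tbs, _ = read_tlv(cert, 0)
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    fields, pos = [], 0
    while pos < len(tbs):
        t, v, pos = read_tlv(tbs, pos)
        fields.append((t, v))
    version = 1  # DEFAULT v1 when the [0] field is absent
    if fields and fields[0][0] == 0xA0:  # [0] EXPLICIT Version, INTEGER 0/1/2
        version = int.from_bytes(read_tlv(fields[0][1], 0)[1], "big") + 1
    tags = {t for t, _ in fields}
    problems = []
    if version < 3 and 0xA3 in tags:  # [3] EXPLICIT extensions
        problems.append(f"extensions present but version is v{version}")
    if version < 2 and tags & {0x81, 0x82}:  # [1]/[2] IMPLICIT unique IDs
        problems.append("unique identifiers present but version is v1")
    return problems

def tlv(tag, value):
    """Encode a TLV with a short-form length (constructed samples only)."""
    return bytes([tag, len(value)]) + value

def sample_cert(version, with_extensions):
    """Constructed, unsigned skeleton; field contents are empty placeholders."""
    tbs = tlv(0xA0, tlv(0x02, bytes([version - 1]))) if version > 1 else b""
    tbs += tlv(0x02, b"\x01")  # serialNumber
    tbs += tlv(0x30, b"") * 5  # signature, issuer, validity, subject, SPKI
    if with_extensions:
        tbs += tlv(0xA3, tlv(0x30, b""))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    print(check_version_fields(sample_cert(1, True)))
```

The check looks only at the outer TBSCertificate structure, so it says nothing about the signature or the contents of the extensions.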

