[gnutls-help] Detect whether certificate is self-signed

Ted Zlatanov tzz at lifelogs.com
Thu Jan 8 18:22:02 CET 2015

On Fri, 26 Dec 2014 19:50:09 +0200 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: 

NM> On Wed, 2014-12-24 at 07:28 -0500, Ted Zlatanov wrote:
DE> Nikos Mavrogiannopoulos writes:
>> >> Said that, the easiest way to check for a self-signed certificate is
>> >> using gnutls_x509_crt_check_issuer() against itself.
DE> ...that's way simpler. :-)
>> Could this be abstracted into a function so, if GnuTLS implements it
>> differently in the future (following the RFC or something else), clients
>> don't have to be changed?  It seems to be fairly useful.

NM>  Not sure if I follow. gnutls_x509_crt_check_issuer() is already a
NM> function, what do you think should be abstracted into a function? 

That function checks the issuer. It can be *used* to check if a
certificate is self-signed as you explained, but I didn't find that in
the docs and IMO that verification feels like it should be an enum in
`gnutls_certificate_verify_flags`.  Maybe it's good enough to just add
that usage to the docs...


More information about the Gnutls-help mailing list