[gnutls-help] GnuTLS: Building of a certificate chain

Markus Karch dietmakarch at gmail.com
Thu Jul 5 20:21:45 CEST 2018


Hello everyone,

I am trying to verify a certificate with the
gnutls_x509_trust_list_verify_crt() function [1]. I can pass a list of
trusted CAs with the “list” parameter. My problem is that I also have a
list of intermediate CAs which I do not trust but which should be used to
build the certificate chain, something like the chain parameter in the
OpenSSL function X509_STORE_CTX_init
<https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html>.
According to the documentation I can pass the certificate chain, including
the certificate which should be verified, via the cert_list parameter of
the gnutls_x509_trust_list_verify_crt() function. But is there a
possibility to build that chain with a list of untrusted intermediate CAs?

[1] https://www.gnutls.org/manual/gnutls.html#Verifying-X_002e509-certificate-paths

Thank you very much
ckmk14
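
An added example, not part of the original post and not GnuTLS code: one way to order a leaf and a pool of untrusted intermediates into the chain that the post says goes into the cert_list parameter, with trust still decided only by the trust list. `struct cert`, `is_issuer` and `build_chain` are hypothetical stand-ins so the logic runs without the library; with GnuTLS the certificates would be gnutls_x509_crt_t handles and the issuer test would be gnutls_x509_crt_check_issuer().

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a parsed certificate (assumption, not a GnuTLS type). */
struct cert { const char *subject; const char *issuer; };

/* Name-only issuer test for the stand-in type. With GnuTLS the equivalent
 * predicate is gnutls_x509_crt_check_issuer(cert, issuer). */
static int is_issuer(const struct cert *c, const struct cert *cand)
{
    return strcmp(c->issuer, cand->subject) == 0;
}

/* Order the leaf plus the intermediates it needs into out[] (leaf first).
 * The pool is untrusted: it only supplies path candidates, so the result
 * must still be verified against the trusted CA list afterwards.
 * Returns the chain length, or -1 if the path would exceed max entries. */
int build_chain(const struct cert *leaf, const struct cert *pool, size_t n,
                const struct cert **out, size_t max)
{
    size_t len = 0;
    const struct cert *cur = leaf;

    if (max == 0)
        return -1;
    out[len++] = cur;
    while (!is_issuer(cur, cur)) {          /* stop at a self-issued cert */
        const struct cert *next = NULL;
        for (size_t i = 0; i < n && !next; i++) {
            int seen = 0;
            if (!is_issuer(cur, &pool[i]))
                continue;
            for (size_t j = 0; j < len; j++)  /* reject cross-signing loops */
                if (out[j] == &pool[i])
                    seen = 1;
            if (!seen)
                next = &pool[i];
        }
        if (!next)      /* issuer not in pool: the trust list must supply it */
            break;
        if (len == max) /* depth cap against oversized or hostile pools */
            return -1;
        out[len++] = next;
        cur = next;
    }
    return (int)len;
}
```

The loop check and depth cap matter because the intermediate pool is attacker-influenced input in many deployments; unrelated pool entries are simply never selected.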