On Fri, 26 Dec 2014 19:50:09 +0200 Nikos Mavrogiannopoulos <[email protected]> wrote:
NM> On Wed, 2014-12-24 at 07:28 -0500, Ted Zlatanov wrote: DE> Nikos Mavrogiannopoulos writes: >> >> Said that, the easiest way to check for a self-signed certificate is >> >> using gnutls_x509_crt_check_issuer() against itself. DE> ...that's way simpler. :-) >> Could this be abstracted into a function so, if GnuTLS implements it >> differently in the future (following the RFC or something else), clients >> don't have to be changed? It seems to be fairly useful. NM> Not sure if I follow. gnutls_x509_crt_check_issuer() is already a NM> function, what do you think should be abstracted into a function? That function checks the issuer. It can be *used* to check if a certificate is self-signed as you explained, but I didn't find that in the docs and IMO that verification feels like it should be an enum in `gnutls_certificate_verify_flags`. Maybe it's good enough to just add that usage to the docs... Ted _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
