On Mon, Jun 21, 2010 at 1:23 PM, Lars Noschinski <[email protected]> wrote:
>> The GNUTLS_VERIFY_DO_NOT_ALLOW_SAME is a flag, to make the trusted >> certificate list, a list that can only certify other keys. That is it >> will not allow a certificate from this list to be used as a server >> certificate. So how it works it depends on your usage of this list. If >> you add end server certificates there maybe >> GNUTLS_VERIFY_DO_NOT_ALLOW_SAME is not a good option for you. But for >> other uses it is quite sensible. > Ok. But in this case, the behaviour I observed seems to be indeed a bug > in gnutls, as my certificate list did not contain the server's > certificate, but only the CA certificates. Then please send me something I can reproduce (such as the smallest possible list that I can use to verify the problem and how I can verify it). regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
