Nikos Mavrogiannopoulos <[email protected]> writes: > On 10/19/2011 08:30 PM, Michael Welsh Duggan wrote: >> In our code, we add CAs to our credentials using >> gnutls_set_x509_trust_file. In gnutls 2.x, we then get a list of the >> CAs using gnutls_certificate_get_x509_cas which we then use to verify >> that at least one of the CAs has not yet expired. We want to do this >> _before_ initiating a session. >> Is this possible in gnutls 3.x? gnutls_certificate_get_x509_cas has >> gone away, supposedly in favor of gnutls_certificate_get_issuer(), but >> that requires an existing session. > > Why not use gnutls_x509_crt_list_import() or > gnutls_x509_crt_list_import2() and traverse the list of the CAs? The > access to the the CA list in the credentials structure has been > restricted to allow for future internal changes.
Yup this works. There are so many API calls, it can be difficult to determine which ones to use. -- Michael Welsh Duggan ([email protected]) _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
