On 28 October 2012 02:31, Nikos Mavrogiannopoulos <[email protected]> wrote:
> On 10/26/2012 03:15 PM, Michal Suchanek wrote:
>
>> Hello,
>>
>> gnutls does not verify a certificate when the intermediate CA
>> certificate is expired.
>
> If the intermediate certificate is expired why would you consider it
> valid? You may ignore expiration failures if your application doesn't
> care, but gnutls cannot ignore them.
>

Does that imply that a CA that signs a cert that is supposed to be valid for 2yrs using an intermediate cert that is valid for 20 months essentially makes a cert for 20 months only because for the remaining 4 months the cert will be invalid?

The application will, of course, use whatever gnutls supplies for cert validation so when the cert does not validate in gnutls it will not validate in any app using the library unless the authors went out of their way to examine the certificate chain manually.

Thanks

Michal

_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
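
The scenario in this thread, worked through as an added example (not part of either message and not gnutls code): when an expired intermediate fails verification, as the quoted reply describes, a chain verifies only while every certificate in it is inside its validity period. The struct, function names and day counts are constructed for illustration (about 24 months for the leaf, about 20 months for the intermediate).

```c
#include <stdio.h>
#include <time.h>

#define DAY 86400L

/* Validity period of one certificate (notBefore / notAfter) as Unix time. */
struct validity {
    const char *name;
    time_t not_before;
    time_t not_after;
};

/* Intersect the validity periods of all certificates in the chain.
 * Returns 0 and fills from/until, or -1 if the periods never overlap. */
int chain_window(const struct validity *chain, size_t n, time_t *from, time_t *until)
{
    if (n == 0)
        return -1;
    *from = chain[0].not_before;
    *until = chain[0].not_after;
    for (size_t i = 1; i < n; i++) {
        if (chain[i].not_before > *from)
            *from = chain[i].not_before;
        if (chain[i].not_after < *until)
            *until = chain[i].not_after;
    }
    return (*from <= *until) ? 0 : -1;
}

/* Index of the first certificate not valid at `now`, or -1 if all are valid. */
int first_invalid_at(const struct validity *chain, size_t n, time_t now)
{
    for (size_t i = 0; i < n; i++)
        if (now < chain[i].not_before || now > chain[i].not_after)
            return (int)i;
    return -1;
}

/* Constructed sample chain, ordered leaf first; times are offsets from day 0. */
static const struct validity sample_chain[] = {
    { "leaf",         0, 730 * DAY },   /* issued for ~24 months */
    { "intermediate", 0, 608 * DAY },   /* ~20 months remaining  */
    { "root",         0, 3650 * DAY },
};

int main(void)
{
    time_t from, until;
    if (chain_window(sample_chain, 3, &from, &until) == 0)
        printf("chain verifies for %ld days\n", (long)((until - from) / DAY));
    int bad = first_invalid_at(sample_chain, 3, 650 * DAY);
    if (bad >= 0)
        printf("day 650: %s is outside its validity period\n", sample_chain[bad].name);
    return 0;
}
```
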
