Remove artificial constraint in _gnutls_x509_verify_certificate

Tomas Mraz tmraz at
Wed Mar 3 12:31:55 CET 2010

On Tue, 2010-03-02 at 22:34 +0100, Nikos Mavrogiannopoulos wrote: 
> Tomas Mraz wrote:
> > Hi,
> > I was examining the current _gnutls_x509_verify_certificate() code and I
> > found that the code does not allow unconditionally accepting the site
> > certificate if it is on the trust list. I think that this is unnecessary
> > restriction which should be removed.
> Please elaborate. What is the scenario that wasn't working before and
> you believe you fixed with this patch?

For example when the site certificate is expired and/or uses unsafe
algorithm for its signature and you put it on the trusted list on client
to alleviate the problem.
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

More information about the Gnutls-devel mailing list