recommendations for storage of accepted certificates

Nikos Mavrogiannopoulos nmav at
Mon Oct 4 08:17:21 CEST 2010

2010/10/4 Ted Zlatanov <tzz at>:

> NM> What do you mean by unknown server? Do you mean known but untrusted? In
> NM> any case gnutls doesn't provide such facility for any of them. It was
> NM> considered to be application specific (now I'm looking for a solution to
> NM> that using pkcs11, but wouldn't be available soon).
> Sorry for the badly phrased questions.  Yes: I mean I connect to a known
> server but its certificate is not trusted (I let GnuTLS verify the
> certificate chain).  Would I just look at the error and ask the user to
> accept the certificate and retry?  I was hoping to do it during the
> handshake with a callback function.

You can do it during the handshake. There is a callback function that
provides you with the peer certificate and you can do verification there.


More information about the Gnutls-devel mailing list