certificate validation callbacks [was: Re: validating SAN URIs in gntls]

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Mar 8 09:27:52 CET 2011

On Mon, Mar 7, 2011 at 8:19 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 03/07/2011 01:30 PM, peter williams wrote:
>> One might want to think about enabling GNUTLS server's to easily add a
>> validation callback *mechanism* for the case that SAN URI(s) (possibly
>> plural) are received in client certs.
> certificate validation callbacks would be a very nice thing to have,
> particularly if they include information about which particular session
> is triggering the verification.

I don't really understand about what kind of callbacks is the discussion about.
Isn't the callback set by gnutls_certificate_set_verify_function() sufficient?


More information about the Gnutls-devel mailing list