[gnutls-devel] simplifying certificate verification

Ted Zlatanov tzz at lifelogs.com
Tue Sep 8 16:21:49 CEST 2015


On Mon, 24 Aug 2015 13:58:08 +0200 Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote: 

NM> One of the pains in using gnutls is the fact that there is needed quite
NM> some copy-paste code to perform certificate verification. I decided to
NM> simplify that from 3.5.0, using a function called
NM> gnutls_session_auto_verify_cert(), and the result can be seen on the
NM> following example
...
NM> I'd appreciate any comments or suggestions for improving that interface [0].

NM> [0]. https://gitlab.com/gnutls/gnutls/blob/master/lib/includes/gnutls/gnutls.h.in#L1296

To me it looks nice and usable. Are there reasons not to use it (other
than backwards compatibility)?  Any logging gotchas for the users (since
the logging will change from their point of view if a GnuTLS upgrade
triggers the use of gnutls_session_auto_verify_cert())?

Thanks
Ted



