[gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Mon Nov 30 17:31:50 CET 2020
Michael Catanzaro started a new discussion on lib/cert-cred.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_457282115
> * The callback function should return 0 if the missing issuer certificate
> * for 'crt' was properly populated and added to the 'tlist' using
> * gnutls_x509_trust_list_add_cas() or non-zero to continue the certificate list
> * verification but with issuer as %NULL.
Hi, sorry for the delay. I'm testing this now. This last two paragraphs of the documentation are no longer correct: the callback should no longer attempt to verify the certificate or modify the tlist. Instead, it should return 0 if the 'issuers' array was successfully imported, or non-zero to continue the certificate list verification but with issuer as %NULL.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_457282115
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20201130/6d143a04/attachment.html>
More information about the Gnutls-devel
mailing list