[Help-gnutls] Is gnutls using the shell model or the chain model for a certificate validation
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Nov 6 20:18:20 CET 2008
On Thu 2008-11-06 07:38:28 -0500, Scott Schaeffner wrote:
> gnupgp contains a parameter to determine which of these two certificate
> validation models (shell or chain - --validation-model) shall be used
> (http://gnupg.org/documentation/manuals/gnupg/Certificate-Options.html).
To be clear, this gpg documentation is in the "GPGSM Options" section,
so it refers to the X.509 certificates, not OpenPGP certificates,
correct?
> I was looking into the gnutls manual and did not find a statement
> concerning the validation model that is being used.
I don't see any clear notes on the page you linked explaining
specifically what "shell" and "chain" mean in this context. However,
GnuTLS has several functions that can be used for X.509 certificate
validation:
http://www.gnu.org/software/gnutls/manual/html_node/Verifying-X_002e509-certificate-paths.html
http://www.gnu.org/software/gnutls/manual/html_node/X_002e509-certificate-functions.html
You should be able to use those functions to build a certificate
validation that meets your specific needs. What are you trying to do?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20081106/269dfa3a/attachment.pgp>
More information about the Gnutls-help
mailing list