Hi Martin, Am Donnerstag, 31. Dezember 2009 schrieb Martin Preuss: > Hi, > > On Thursday 31 December 2009, Rainer Dorsch wrote: > > Am Donnerstag, 31. Dezember 2009 schrieben Sie: > > [...] > > > Can I dump the AqBanking's cert cache (to verify if the certs do not make > > it into the cache or if the cache lookup does not work for some reason). > > [...] > > Not exactly, however, you can look into > "$HOME/.aqbanking/settings/shared/certs.conf" and check whether it is empty > or not.
r...@blackbox:~/SW.nobackup/gnucash-2.2-branch$ ls -l $HOME/.aqbanking/settings/shared/certs.conf -rw------- 1 rd rd 0 31. Dez 15:03 /home/rd/.aqbanking/settings/shared/certs.conf r...@blackbox:~/SW.nobackup/gnucash-2.2-branch$ Hmm...it is empty, but it is touched. Should GWEN_DB_GetIntValue() put the certs in the cache? + /* Did we get the permanently accepted certs from AqBanking? */ + if (gui->permanently_accepted_certs) { + /* Generate a hex string of the cert_hash for usage by AqBanking cert store */ + cert_hash_hex = g_new0(gchar, 33); + for (i = 0; i < 16; i++) + g_snprintf(cert_hash_hex+2*i, 3, "%02X", (unsigned char)cert_hash[i]); + + retval=GWEN_DB_GetIntValue(gui->permanently_accepted_certs, cert_hash_hex, 0, -1); + g_free(cert_hash_hex); + if (retval == 0) { + /* Certificate is marked as accepted in AqBanking's cert store */ + LEAVE("Certificate accepted by AqBanking's permanent cert store"); + return 0; + } + } else { + g_warning("Can't check permanently accepted certs from invalid AqBanking cert store."); + } Is there a way to increase the verboseness of aqbanking? Thanks, Rainer > AqBanking doesn't store the certificates but rather a checksum over the > fingerprint of the cert combined with the result of GnuTLS's certificate > checks. Do you have any version requirements on GnuTLS? Is 2.4.2 good enough? Thanks, Rainer -- Rainer Dorsch Lärchenstr. 6 D-72135 Dettenhausen 07157-734133 email: rdor...@web.de jabber: rdor...@jabber.org GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E Full GPG key: http://pgp.mit.edu/
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Aqbanking-devel mailing list Aqbanking-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/aqbanking-devel