Hi Martin, Am Donnerstag, 31. Dezember 2009 schrieb Martin Preuss: > Hi, > > On Thursday 31 December 2009, Rainer Dorsch wrote: > > Am Donnerstag, 31. Dezember 2009 schrieben Sie: > > [...] > > > Can I dump the AqBanking's cert cache (to verify if the certs do not make > > it into the cache or if the cache lookup does not work for some reason). > > [...] > > Not exactly, however, you can look into > "$HOME/.aqbanking/settings/shared/certs.conf" and check whether it is empty > or not.
r...@blackbox:~/SW.nobackup/gnucash-2.2-branch$ ls -l
$HOME/.aqbanking/settings/shared/certs.conf
-rw------- 1 rd rd 0 31. Dez
15:03 /home/rd/.aqbanking/settings/shared/certs.conf
r...@blackbox:~/SW.nobackup/gnucash-2.2-branch$
Hmm...it is empty, but it is touched.
Should GWEN_DB_GetIntValue() put the certs in the cache?
+ /* Did we get the permanently accepted certs from AqBanking? */
+ if (gui->permanently_accepted_certs) {
+ /* Generate a hex string of the cert_hash for usage by AqBanking cert
store */
+ cert_hash_hex = g_new0(gchar, 33);
+ for (i = 0; i < 16; i++)
+ g_snprintf(cert_hash_hex+2*i, 3, "%02X", (unsigned
char)cert_hash[i]);
+
+ retval=GWEN_DB_GetIntValue(gui->permanently_accepted_certs,
cert_hash_hex, 0, -1);
+ g_free(cert_hash_hex);
+ if (retval == 0) {
+ /* Certificate is marked as accepted in AqBanking's cert store */
+ LEAVE("Certificate accepted by AqBanking's permanent cert
store");
+ return 0;
+ }
+ } else {
+ g_warning("Can't check permanently accepted certs from invalid
AqBanking cert store.");
+ }
Is there a way to increase the verboseness of aqbanking?
Thanks,
Rainer
> AqBanking doesn't store the certificates but rather a checksum over the
> fingerprint of the cert combined with the result of GnuTLS's certificate
> checks.
Do you have any version requirements on GnuTLS? Is 2.4.2 good enough?
Thanks,
Rainer
--
Rainer Dorsch
Lärchenstr. 6
D-72135 Dettenhausen
07157-734133
email: rdor...@web.de
jabber: rdor...@jabber.org
GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E
Full GPG key: http://pgp.mit.edu/
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Aqbanking-devel mailing list Aqbanking-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/aqbanking-devel
