Hello everyone, I am trying to verify a certificate with the gnutls_x509_trust_list_verify_crt()-function [1]. I can pass a list of trusted CAs with the “list”-parameter. My problem is that I also have a list of intermediate CAs which I do not trust but should be used to build the certificate chain. Something like the chain-parameter in the OpenSSL function X509_STORE_CTX_init <https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html>. According to the documentation I can pass the certificate chain including the certificate which should be verified via the cert_list-parameter of the gnutls_x509_trust_list_verify_crt()-function . But is there a possibility to build that chain with a list of untrusted intermediate CAs?
[1] https://www.gnutls.org/manual/gnutls.html#Verifying- X_002e509-certificate-paths Thank you very much ckmk14
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
