Hi, I read in your docs on "gnutls_certificate_get_crt_raw ()" that it intends to "return the DER encoded certificate of the server". That raises a few questions.
1. Did you mean to return the _peer_ certificate, or always the _server_ certificate? 2. When the certificate is not DER-encoded, do you recode it? That would be quite useful! This is not a PEM-or-DER question but BER-or-DER. The TBSCertificate needs to be canonical so DER, but the Certificate around it may be BER, as specified in . Not sure everyone knows this... and having it repackaged would be pleasant to stop bugs caused by it. I'm going by RFC 3280/5280, and RFC 8446 details DER for every CertificateEntry, but I don't believe that RFC 5246 does the same? Sorry for the attention of detail, it might be a security thing... Cheers, -Rick _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
