On Tue, 23 Aug 2005, Nikos Mavrogiannopoulos wrote:
Thanks for responding!
> > gnutls_certificate_set_x509_trust_file() - if a CA file has been provided
>
> You may want to check the return value to see how many certificates were
> loaded.

It returns 59.
And incidentally:
$ grep -c "BEGIN CERTIFICATE" /usr/share/curl/curl-ca-bundle.crt
59

> > gnutls_certificate_verify_peers2() - this seems to always return error with
> > the 'verify_status' integer (that the second argument points to) set to 66
> > on exit.
>
> What is the error number returned? The status is garbage if this function
> returns an error code.

It returns zero. It bails out in case it returns a < 0 value.

> The sequence looks good. It is just like gnutls-cli, so the problem is
> somewhere in the details.
>
> > $ curl -v https://gmail.google.com/ --cacert /usr/share/curl/curl-ca-bundle.crt
>
> What does gnutls-cli give with the same input?

(Still using 1.2.0)
$ gnutls-cli --x509certfile /usr/share/curl/curl-ca-bundle.crt gmail.google.com
...
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
...
So it seems it agrees with what my code ends up thinking... ? Or am I not
doing the right gnutls-cli command line?
Any chance this is a problem that has been fixed since this version I use?
The same verifying command line, using the openssl tool I believe would be:
$ openssl s_client -connect gmail.google.com:443 -CAfile /usr/share/curl/curl-ca-bundle.crt
It reports success.
--
-=- Daniel Stenberg -=- http://daniel.haxx.se -=-
ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
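
The status value 66 discussed in the message above is a bitmask, and decoding it gives the same two findings gnutls-cli printed. The following is an added example, not code from the post, curl or GnuTLS: `explain_verify` is a hypothetical helper, and the flag values are copied from GnuTLS's `gnutls_certificate_status_t` so that it builds without the library.

```c
#include <stdio.h>
#include <string.h>

/* Bit values of gnutls_certificate_status_t, copied from <gnutls/gnutls.h>
 * so this builds without the library installed. */
static const struct { unsigned bit; const char *name; } flags[] = {
    { 1u << 1, "GNUTLS_CERT_INVALID" },
    { 1u << 5, "GNUTLS_CERT_REVOKED" },
    { 1u << 6, "GNUTLS_CERT_SIGNER_NOT_FOUND" },
    { 1u << 7, "GNUTLS_CERT_SIGNER_NOT_CA" },
};

/* Append text to out, separated from earlier entries by '|'. */
static void add(char *out, size_t len, const char *text)
{
    size_t used = strlen(out);
    snprintf(out + used, len - used, "%s%s", used ? "|" : "", text);
}

/* Hypothetical helper. rc is the return value of
 * gnutls_certificate_verify_peers2(), status the value it stored through
 * its second argument. out must hold at least one byte.
 * Returns 0 = trusted, 1 = chain rejected, -1 = call failed (status unset). */
int explain_verify(int rc, unsigned status, char *out, size_t len)
{
    unsigned left = status;
    char tmp[32];
    size_t i;

    out[0] = '\0';
    if (rc < 0) {               /* never read status on an error return */
        snprintf(out, len, "verify call failed (%d), status undefined", rc);
        return -1;
    }
    if (status == 0) {
        snprintf(out, len, "trusted");
        return 0;
    }
    for (i = 0; i < sizeof flags / sizeof flags[0]; i++)
        if (status & flags[i].bit) {
            add(out, len, flags[i].name);
            left &= ~flags[i].bit;
        }
    if (left) {                 /* bits this table does not know about */
        snprintf(tmp, sizeof tmp, "unknown:0x%x", left);
        add(out, len, tmp);
    }
    return 1;
}
```

Called as `explain_verify(0, 66, buf, sizeof buf)`, it fills `buf` with `GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_FOUND`.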