Daniel Stenberg <[EMAIL PROTECTED]> writes:

>>> $ curl -v https://gmail.google.com/ --cacert
>>> /usr/share/curl/curl-ca-bundle.crt
>> What does gnutls-cli give with the same input?
>
> (Still using 1.2.0)
>
> $ gnutls-cli --x509certfile /usr/share/curl/curl-ca-bundle.crt
> gmail.google.com
> ...
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
> ...
>
> So it seems it agrees with what my code ends up thinking... ? Or am I not
> doing the right gnutls-cli command line?
>
> Any chance this is a problem that has been fixed since this version I use?

Using gnutls-cli from GnuTLS 1.2.6 appears to be able to connect and
verify the peer fine here (see below).

Cheers,
Simon

[EMAIL PROTECTED]:~$ gnutls-cli --x509cafile /usr/share/curl/curl-ca-bundle.crt gmail.google.com
Processed 59 CA certificate(s).
Resolving 'gmail.google.com'...
Connecting to '64.233.183.107:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
# The hostname in the certificate matches 'gmail.google.com'.
# valid since: Wed Jun 8 00:12:57 CEST 2005
# expires at: Thu Jun 8 00:12:57 CEST 2006
# fingerprint: 1E:56:99:FD:16:73:C1:95:8F:9F:AD:43:29:F1:93:5A
# Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc,CN=gmail.google.com
# Issuer's DN: C=ZA,O=Thawte Consulting (Pty) Ltd.,CN=Thawte SGC CA
- Certificate[1] info:
# valid since: Thu May 13 02:00:00 CEST 2004
# expires at: Tue May 13 01:59:59 CEST 2014
# fingerprint: 84:84:03:56:10:85:53:ED:9A:CA:60:B5:FA:99:D3:31
# Subject's DN: C=ZA,O=Thawte Consulting (Pty) Ltd.,CN=Thawte SGC CA
# Issuer's DN: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
- Peer's certificate is trusted
- Version: TLS 1.0
- Key Exchange: RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
...

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
