Scott Schaeffner <[EMAIL PROTECTED]> writes:

> Hello,
>
> Here the message (response to gnu.org #388183) I'd like to post:
> ----------------------------------------------------------------
>>I don't see any clear notes on the page you linked explaining
>>specifically what "shell" and "chain" mean in this context.
>
> The power point presentation
> http://www.bundesnetzagentur.de/media/archive/1894.pps#259 shows the
> differences concerning the two different validation models.
>
> I furthermore found a note that indicates that in Germany the chain model is
> required (http://www.adobe.com/devnet/acrobat/pdfs/admin_guide.pdf section
> 5.4.4.2)
>
> I did not have a detailed look into the implementation yet, so I am not
> sure if gnutls offers one function for a certificate chain validation
> or if you have to implement the verification of the chain on your own
> and gnutls only offers the functions for that.

I'm not sure I understand the difference between the shell vs chain
models based on that powerpoint, but I can say that there is only one
algorithm implemented in gnutls for X.509 validation, and it validates
X.509 paths in a chaining way. Whether that matches what you are
looking for is not clear to me. You can read the code in
lib/x509/verify.c.

/Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
