On Fri, Jun 4, 2010 at 10:49 AM, Florian Weimer <[email protected]> wrote: > * Nikos Mavrogiannopoulos: > >>> May I assume that the first certificate returned by >>> gnutls_certifcate_get_peers contains public key material which >>> actually corresponds to the private key material which was used to >>> establish the ssession? > >> No. That would be the last certificate in the chain. > > But the documentation says: > > Get the peer's raw certificate (chain) as sent by the peer. These > certificates are in raw format (DER encoded for X.509). In case of > a X.509 then a certificate list may be present. The first > certificate in the list is the peer's certificate, following the > issuer's certificate, then the issuer's issuer etc. > So which one is correct? 8-)
The documentation is correct. Did I really say the thing above? :) regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
