On Tue, Oct 30, 2012 at 2:17 PM, Nikos Mavrogiannopoulos <[email protected]> wrote:
> The GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is a dangerous flag and you > shouldn't use it unless you really know the consequences. In short it > means that an end-user certificate may pretend to be a CA. Sorry, my comments were for the GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT flag which you don't use. The flag GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is enabled by default so you don't have to set it. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
