On 30 October 2012 15:17, Nikos Mavrogiannopoulos <[email protected]> wrote: > On Tue, Oct 30, 2012 at 2:28 PM, Michal Suchanek <[email protected]> wrote: > >>> Now for the issue you see. It is because you do not set the flag >>> GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. If you set this flag then unsorted >>> chains will be sorted prior to verification. The reason you see this >>> failure is because this flag is enabled by default on a credentials >>> structure, unless it is overridden by other flags as you do. >> So all the examples using gnutls_certificate_set_verify_flags are >> bogus because they replace the defualt flags and break the >> verification. > > Which examples do you refer to? However, an update_flags may be > helpful indeed. I'll check it.
Don't know where the software author copied that line but eg. here http://www.gnu.org/software/gnutls/manual/html_node/Digital-signatures.html the manual advises to use set_verify_flags. Thanks Michal _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
