From: Nikos Mavrogiannopoulos Date: Wed, 2 Feb 2011 09:21:05 +0000 (+0100) Subject: updated README on certificate verifications that fail. X-Git-Tag: gnutls_2_99_0~339 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c75ffd30e43b1baf7909cb3c190eeb31f1471ce7;p=thirdparty%2Fgnutls.git updated README on certificate verifications that fail. --- diff --git a/tests/x509paths/README b/tests/x509paths/README index e2e85b2107..85532f6065 100644 --- a/tests/x509paths/README +++ b/tests/x509paths/README @@ -19,14 +19,16 @@ not a real problem. Chain 15-18: We should succeed, the reason we don't is that we use memcmp for DN comparisons. -Chain 19: I don't understand why this test should fail? The chain -seems fine to me. +Chain 19: This requires advanced verification that we don't support +yet. It requires to check that this path contains no revocation data. +We shouldn't make these tests. Chain 28-29: We fail to check keyCertSign (non-)critical key usage in intermediate certificates. XXX Chain 31-32: The CRL is issued by a issuer without CRLSign (non-)critical keyCertSign. We don't check the CRL, so this is not a -real problem. +real problem. This is easier to be supported now with the trust_list +that can verify CRLs on addition. Chain 54-63: We don't check path length constraints properly. XXX