GnuTLS issue #202
Created May 15, 2017 by Nikos Mavrogiannopoulos (@nmav, Owner)

add a callback to retrieve missing chain certificates

Often web sites provide incomplete certificate chains, meaning that applications have to fill the gaps or face a certificate validation error. In practice applications can retrieve such incomplete chains by using the authority information access extension. However, GnuTLS at this point does not provide any callbacks to make it easy for applications to plug such missing CAs in verification functions such as gnutls_certificate_verify_peers3() and gnutls_certificate_verify_peers().

We should provide a callback which is used once a missing issuer is detected to ask the application to download the one in the AIA extension. (requested by Michael Catanzaro)

Example web site:

https://incomplete-chain.badssl.com/

Example AIA extension:

		Authority Information Access (not critical):
			Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
			Access Location URI: http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
			Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
			Access Location URI: http://ocsp.comodoca.com
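
A model of the requested behaviour, added here as an illustration and not taken from GnuTLS or from the issue: the verifier walks the chain and, when an issuer is missing, hands the caIssuers URI to an application callback, but still accepts the chain only if it ends at a trust anchor. The types `cert_t` and `get_issuer_fn`, the function `verify_chain`, the fetch cap and the http-only policy are assumptions; name matching stands in for the signature checks a real verifier performs.

```c
#include <stdio.h>
#include <string.h>
/* Model certificate: names only, no signatures (not a GnuTLS type). */
typedef struct { const char *subject, *issuer, *ca_issuers_uri; } cert_t;
/* Hypothetical callback: the application fetches the issuer from the AIA URI. */
typedef const cert_t *(*get_issuer_fn)(const char *uri);
#define MAX_FETCHES 3 /* assumed cap on network fetches per verification */

static const cert_t *find(const cert_t *set, size_t n, const char *subject) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(set[i].subject, subject) == 0) return &set[i];
    return NULL;
}

/* Returns 1 only if the chain from leaf reaches a trust anchor. */
int verify_chain(const cert_t *leaf, const cert_t *sent, size_t nsent,
                 const cert_t *roots, size_t nroots, get_issuer_fn cb) {
    const cert_t *cur = leaf;
    int fetches = 0;
    for (int depth = 0; depth < 8; depth++) {
        if (find(roots, nroots, cur->issuer)) return 1; /* anchored */
        const cert_t *next = find(sent, nsent, cur->issuer);
        if (!next) { /* missing issuer: ask the application */
            if (!cb || !cur->ca_issuers_uri || fetches++ >= MAX_FETCHES) return 0;
            /* assumed policy: plain http:// only, no other schemes */
            if (strncmp(cur->ca_issuers_uri, "http://", 7) != 0) return 0;
            next = cb(cur->ca_issuers_uri);
            /* fetched data is untrusted: it must be the issuer we asked for */
            if (!next || strcmp(next->subject, cur->issuer) != 0) return 0;
        }
        cur = next;
    }
    return 0; /* too deep or looping */
}

/* Constructed sample data; only the URI is taken from the page. */
static const cert_t ROOT = {"Root CA", "Root CA", NULL};
static const cert_t INTERMEDIATE = {"DV CA", "Root CA", NULL};
static const cert_t LEAF = {"incomplete-chain.badssl.com", "DV CA",
    "http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt"};
static const cert_t *app_fetch(const char *uri) { (void)uri; return &INTERMEDIATE; }
static const cert_t *bad_fetch(const char *uri) { (void)uri; return &ROOT; }

int main(void) {
    printf("no callback:  %d\n", verify_chain(&LEAF, NULL, 0, &ROOT, 1, NULL));
    printf("app callback: %d\n", verify_chain(&LEAF, NULL, 0, &ROOT, 1, app_fetch));
    printf("wrong cert:   %d\n", verify_chain(&LEAF, NULL, 0, &ROOT, 1, bad_fetch));
    return 0;
}
```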