Does not support full certificate chain lookups (Debian Bug #446036)
Marc Haber
mh+gnutls-devel at zugschlus.de
Thu Jan 3 01:38:36 CET 2008
Hi,
Simon Josefsson has suggested to me (a member of the maintainer team
for Exim's packages for the Debian Operating System) that it might be
a good idea to move a technical debate from our blogs
(http://blog.zugschlus.de/archives/585-exim4-vs.-OpenSSL-vs.-GnuTLS.html,
http://blog.josefsson.org/2007/11/09/response-to-gnutls-in-exim-debate/)
to gnutls-devel as this list is a better medium for archived discussion.
I'll send a dedicated mail for each of Debian's bug reports, so that
the threads are not going to intermix.
Debian Bug #446036, http://bugs.debian.org/446036
=================================================
This issue is only one of the arguments given in the bug report, but
the others have been addressed in other places, and others again I am
willing to ignore for the time being.
Simon writes:
> The other claim is that ???openssl actually supports full certificate
> chain lookups, so you can be guaranteed that this cert was signed was
> signed by that ca. gnutls does not, to the best of my knowledge.???. As
> far as I can understand with Stephen Gran refers to, that is simply
> false.
Can you comment this inside the bug report, please? I do not feel that
it would be a good idea for me to be mail and information relay.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190
More information about the Gnutls-devel
mailing list