Does not support full certificate chain lookups (Debian Bug #446036)

Marc Haber mh+gnutls-devel at
Thu Jan 3 01:38:36 CET 2008


Simon Josefsson has suggested to me (a member of the maintainer team
for Exim's packages for the Debian Operating System) that it might be
a good idea to move a technical debate from our blogs
to gnutls-devel as this list is a better medium for archived discussion.

I'll send a dedicated mail for each of Debian's bug reports, so that
the threads are not going to intermix.

Debian Bug #446036,
This issue is only one of the arguments given in the bug report, but
the others have been addressed in other places, and others again I am
willing to ignore for the time being.

Simon writes:
>  The other claim is that ???openssl actually supports full certificate
>  chain lookups, so you can be guaranteed that this cert was signed was
>  signed by that ca. gnutls does not, to the best of my knowledge.???. As
>  far as I can understand with Stephen Gran refers to, that is simply
>  false.

Can you comment this inside the bug report, please? I do not feel that
it would be a good idea for me to be mail and information relay.


Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

More information about the Gnutls-devel mailing list