Does not support full certificate chain lookups (Debian Bug #446036)

Simon Josefsson simon at
Fri Jan 4 00:18:16 CET 2008

On 3 jan 2008, at 01.38, Marc Haber wrote:

> Debian Bug #446036,
> =================================================
> This issue is only one of the arguments given in the bug report, but
> the others have been addressed in other places, and others again I am
> willing to ignore for the time being.
> Simon writes:
>>  The other claim is that ???openssl actually supports full  
>> certificate
>>  chain lookups, so you can be guaranteed that this cert was signed  
>> was
>>  signed by that ca. gnutls does not, to the best of my  
>> knowledge.???. As
>>  far as I can understand with Stephen Gran refers to, that is simply
>>  false.
> Can you comment this inside the bug report, please? I do not feel that
> it would be a good idea for me to be mail and information relay.

I added my comments to the bug, see:


More information about the Gnutls-devel mailing list