gnutls fails to use Verisign CA cert without a Basic Constraint
tmraz at redhat.com
Fri Jan 9 11:54:28 CET 2009
On Fri, 2009-01-09 at 11:16 +0100, Simon Josefsson wrote:
> Simon Josefsson <simon at josefsson.org> writes:
> > "Douglas E. Engert" <deengert at anl.gov> writes:
> >> Attached are the server cert (auth2.it.anl.gov), the intermediate cert (f0a38a80.0)
> >> and the CA self signed cert (7651b327.0)
> > Thanks, I can reproduce the problem. Should be fixed with this patch:
> > http://git.savannah.gnu.org/cgit/gnutls.git/commit/
> Sorry, that link was wrong. For the 2.6.x branch the proper link is:
> Please test the patch and confirm whether or not it works for you. I
> think we should do a new 2.6.x release to deal with this.
I suppose there is an extraneous gnutls_assert () call in the case the
cert is V1 and the appropriate flags are set.
No matter how far down the wrong road you've gone, turn back.
More information about the Gnutls-devel