gnutls fails to use Verisign CA cert without a Basic Constraint

Tomas Mraz tmraz at
Fri Jan 9 11:54:28 CET 2009

On Fri, 2009-01-09 at 11:16 +0100, Simon Josefsson wrote:
> Simon Josefsson <simon at> writes:
> > "Douglas E. Engert" <deengert at> writes:
> >
> >> Attached are the server cert (, the intermediate cert (f0a38a80.0)
> >> and the CA self signed cert (7651b327.0)
> >
> > Thanks, I can reproduce the problem.  Should be fixed with this patch:
> >
> >
> Sorry, that link was wrong.  For the 2.6.x branch the proper link is:
> Please test the patch and confirm whether or not it works for you.  I
> think we should do a new 2.6.x release to deal with this.

I suppose there is an extraneous gnutls_assert () call in the case the
cert is V1 and the appropriate flags are set.
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

More information about the Gnutls-devel mailing list