gnutls fails to use Verisign CA cert without a Basic Constraint
Tomas Mraz
tmraz at redhat.com
Fri Jan 9 11:54:28 CET 2009
On Fri, 2009-01-09 at 11:16 +0100, Simon Josefsson wrote:
> Simon Josefsson <simon at josefsson.org> writes:
>
> > "Douglas E. Engert" <deengert at anl.gov> writes:
> >
> >> Attached are the server cert (auth2.it.anl.gov), the intermediate cert (f0a38a80.0)
> >> and the CA self signed cert (7651b327.0)
> >
> > Thanks, I can reproduce the problem. Should be fixed with this patch:
> >
> > http://git.savannah.gnu.org/cgit/gnutls.git/commit/
>
> Sorry, that link was wrong. For the 2.6.x branch the proper link is:
>
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=423fc8b82f2b9aa3ea820cd5cf75d5813dffbbf0
>
> Please test the patch and confirm whether or not it works for you. I
> think we should do a new 2.6.x release to deal with this.
I suppose there is an extraneous gnutls_assert () call in the case the
cert is V1 and the appropriate flags are set.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the Gnutls-devel
mailing list