[gnutls-devel] GnuTLS | GnuTLS 3.6.4 based Gnome Web TLS error on site that Firefox does not complain about (#625)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Nov 23 20:07:25 CET 2018


The problem is actually that everymancork.com is not sending the intermediate certificate COMODO RSA Domain Validation Secure Server CA. This is not a root certificate and it's not supposed to be provided by the OS. It's supposed to be provided by everymancork.com.

Firefox surely has it cached from a previous visit to some other website. [I wrote about this problem a while back.](https://blogs.gnome.org/mcatanzaro/2015/01/30/mozilla-is-responsible-for-the-redhat-corpmerchandise-com-fiasco/)

Sadly, thanks to questionable choices by Firefox and Chrome, web compatibility nowadays requires verifying incomplete chains, which GnuTLS does not support. I'm actively working on #202 which should allow us to verify this incomplete chain. I recommend marking this issue as a duplicate of #202.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/625#note_119714907
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181123/d0080792/attachment.html>


More information about the Gnutls-devel mailing list