[gnutls-devel] GnuTLS | Missing Subject Alternative Name Type - registeredID (#905)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Jan 14 18:47:39 CET 2020
Andreas Metzler commented:
You diagnosis looks correct.
I have downloaded the two pems in the report, cat-ed them together and ran
`certtool --verify-chain --verify-hostname=node.acme.com --infile=/tmp/chain.pem`
with all 3.5 and 3.6 uploads to Debian.
* 3.5.0-1 to 3.5.9-1 work,
* 3.5.10-1 to 3.5.19-1 and 3.6.0-1 up to an including 3.6.8-2 produce "Unknown Subject Alternative name in X.509 certificate.",
* 3.6.9-1 and later are fine.
So this is a regression in 3.5.10 that was fixed in 3.6.9 (Or in Debian releases a regression from stretch/9 to buster/10.)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/905#note_271409121
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200114/e86abba0/attachment.html>
More information about the Gnutls-devel
mailing list