[gnutls-devel] GnuTLS | Unable to verify certificate chain on app.usmobile.com (#1771)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Dec 10 09:50:27 CET 2025
František Krenželok commented: https://gitlab.com/gnutls/gnutls/-/issues/1771#note_2944248647
I don't think this is the case, afaik when server provides a intermediate that points to a distrusted root, the verification fails and no further attempts are made.
The reason this works on firefox, is that Mozilla added a cross-signed intermediate certificate directly to firefox that replaces the server on see(its quiet possible that for chrome it is the same situation). https://fkrenzel.cz/posts/2025-root-ca-mess.html#firefox
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1771#note_2944248647
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20251210/a7d21b50/attachment.html>
More information about the Gnutls-devel
mailing list