Intermediate Certificate problem

Simon Brown simon at cliffestones.demon.co.uk
Thu Jul 8 18:37:21 CEST 2010


At Thu, 08 Jul 2010 17:59:28 +0200,
Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> It seems that the program you are using should set the verification flag
> to allow X.509 V.1 certificates. This is done with the
> gnutls_certificate_set_verify_flags(xcred,
> GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
> 
> call. For some reason it wasn't default in gnutls-cli as well. I've set
> it now.

Wanderlust is an Emacs application; I believe it was using gnutls-cli
directly rather than calling library code.

I shall pass this on to the Wanderlust packager and perhaps the gnutls-cli
packager, as a patch is needed.

> By default we disable version 1 certificates since it is not possible to
> distinguish CA certificates from end-user (server) certificates. If one
> is sure that his trusted certificate storage only contains CA
> certificates, then this flag should be specified.

Thanks,

Simon
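
An audit one could run over a trust store before enabling GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, as an added example that is not part of the original thread and not GnuTLS code: it reads the version field from DER certificates and counts those below v3, which carry no extensions and so no basicConstraints CA marker. The function names, the struct and the two truncated certificate stubs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse one DER tag/length header; return its size, or 0 if it overruns n. */
static size_t der_hdr(const unsigned char *p, size_t n, unsigned char *tag, size_t *len)
{
    size_t k, i, v = 0;
    if (n < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return *len <= n - 2 ? 2 : 0; }
    k = p[1] & 0x7f;                       /* long form: k length bytes follow */
    if (k == 0 || k > sizeof(size_t) || k > n - 2) return 0;
    for (i = 0; i < k; i++) v = (v << 8) | p[2 + i];
    *len = v;
    return v <= n - 2 - k ? 2 + k : 0;
}

/* X.509 version (1..3) of a DER certificate, or -1 if malformed. */
int x509_version(const unsigned char *der, size_t n)
{
    unsigned char tag; size_t len, h;
    if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x30) return -1; /* Certificate */
    der += h; n = len;
    if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x30) return -1; /* tbsCertificate */
    der += h; n = len;
    if (!(h = der_hdr(der, n, &tag, &len))) return -1;
    if (tag != 0xA0) return tag == 0x02 ? 1 : -1; /* no [0] version, serialNumber first: v1 */
    der += h; n = len;
    if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x02 || len != 1 || der[h] > 2) return -1;
    return der[h] + 1;                     /* encoded 0,1,2 means v1,v2,v3 */
}

struct anchor { const char *name; const unsigned char *der; size_t len; };

/* Count anchors below v3: they have no extensions, so someone must vouch they are CAs. */
int anchors_needing_review(const struct anchor *a, size_t count)
{
    int flagged = 0; size_t i;
    for (i = 0; i < count; i++) {
        int v = x509_version(a[i].der, a[i].len);
        if (v < 3) { printf("review %s (version %d)\n", a[i].name, v); flagged++; }
    }
    return flagged;
}

/* Constructed stubs (truncated after serialNumber), not real certificates. */
static const unsigned char V3_STUB[] = {0x30,0x0A,0x30,0x08,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01};
static const unsigned char V1_STUB[] = {0x30,0x05,0x30,0x03,0x02,0x01,0x01};

int main(void)
{
    struct anchor store[] = {{"v3-stub", V3_STUB, sizeof V3_STUB}, {"v1-stub", V1_STUB, sizeof V1_STUB}};
    return anchors_needing_review(store, 2) == 1 ? 0 : 1;
}
```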