Re: Intermediate Certificate problem

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Intermediate Certificate problem

From:	Simon Brown
Subject:	Re: Intermediate Certificate problem
Date:	Thu, 08 Jul 2010 17:37:21 +0100
User-agent:	Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (Gojō) APEL/10.8 Emacs/23.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)

At Thu, 08 Jul 2010 17:59:28 +0200,
Nikos Mavrogiannopoulos <address@hidden> wrote:
> It seems that the program you are using should set the verification flag
> to allow X.509 V.1 certificates. This is done with the
> gnutls_certificate_set_verify_flags(xcred,
> GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
> 
> call. For some reason it wasn't default in gnutls-cli as well. I've set
> it now.
Wanderlust is an emacs application, I believe it was using gnutls-cli
directly rather than calling library code.

I shall pass this onto the Wanderlust packager and perhaps the gnutls-cli
packager as a patch is needed.

> By default we disable version 1 certificates since it is not possible to
> distinguish CA certificates from end-user (server) certificates. If one
> is sure that his trusted certificate storage only contains CA
> certificates, then this flag should be specified.

Thanks,

Simon

[Prev in Thread]

Current Thread

[Next in Thread]

Intermediate Certificate problem, Simon Brown, 2010/07/05
- Re: Intermediate Certificate problem, Nikos Mavrogiannopoulos, 2010/07/08
  - Re: Intermediate Certificate problem, Simon Brown <=

Prev by Date: Re: Intermediate Certificate problem
Next by Date: select + record_recv
Previous by thread: Re: Intermediate Certificate problem
Next by thread: understanding the SSL I/O model
Index(es):
- Date
- Thread