[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnutls fails to use Verisign CA cert without a Basic Constraint
From: |
Tomas Mraz |
Subject: |
Re: gnutls fails to use Verisign CA cert without a Basic Constraint |
Date: |
Fri, 09 Jan 2009 13:44:09 +0100 |
On Fri, 2009-01-09 at 12:09 +0100, Simon Josefsson wrote:
> Tomas Mraz <address@hidden> writes:
>
> > On Fri, 2009-01-09 at 11:16 +0100, Simon Josefsson wrote:
> >> Simon Josefsson <address@hidden> writes:
> >>
> >> > "Douglas E. Engert" <address@hidden> writes:
> >> >
> >> >> Attached are the server cert (auth2.it.anl.gov), the intermediate cert
> >> >> (f0a38a80.0)
> >> >> and the CA self signed cert (7651b327.0)
> >> >
> >> > Thanks, I can reproduce the problem. Should be fixed with this patch:
> >> >
> >> > http://git.savannah.gnu.org/cgit/gnutls.git/commit/
> >>
> >> Sorry, that link was wrong. For the 2.6.x branch the proper link is:
> >>
> >> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=423fc8b82f2b9aa3ea820cd5cf75d5813dffbbf0
> >>
> >> Please test the patch and confirm whether or not it works for you. I
> >> think we should do a new 2.6.x release to deal with this.
> >
> > I suppose there is an extraneous gnutls_assert () call in the case the
> > cert is V1 and the appropriate flags are set.
>
> The gnutls_assert() is there for logging, and can be useful when
> understanding which path an execution took. If debug logging is not
> used (the default) it is essentially a no-op.
>
> I guess we can remove the call if it is triggered very often, but
> logging about V1 CA's might make someone notice it and do something
> about it. I'd consider a V1 CA something of an exception and worth
> worrying about, hence the assert call.
Ah, OK. That makes good sense.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
- gnutls fails to use Verisign CA cert without a Basic Constraint, Douglas E. Engert, 2009/01/07
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Simon Josefsson, 2009/01/08
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Douglas E. Engert, 2009/01/09
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Simon Josefsson, 2009/01/09
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Daniel Kahn Gillmor, 2009/01/09
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Simon Josefsson, 2009/01/10
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Douglas E. Engert, 2009/01/09
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Simon Josefsson, 2009/01/10
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Nikos Mavrogiannopoulos, 2009/01/10
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Simon Josefsson, 2009/01/11
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Douglas E. Engert, 2009/01/12
- Re: gnutls fails to use Verisign CA cert without a Basic Constraint, Douglas E. Engert, 2009/01/12