Comment 44 for bug 305264

Revision history for this message
Doug Engert (deengert) wrote : Re: [Bug 305264] Re: gnutls regression: failure in certificate chain validation

Mathias Gug wrote:
> One workaround is to put all of the CA certs in the trusted CA
> certificate file.

Yes, that is what we have had to do.

The real fix is to get the gnutls people to support certificate
directories, like OpenSSL. Why the rush to convert to gnutls
when it has so many issues. (Licencing issues are low on my list of

> If the system running slapd is on hardy (or intrepid or jaunty) you
> should also add all of the CA certificates to the server certificate
> file - this is to workaround a bug where the slapd daemon doesn't send
> all of the CA certificates to the client.

All or just the intermediate certificates?

Another issue with gnutls, no intermediate file (or directory) of



  Douglas E. Engert <email address hidden>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois 60439
  (630) 252-5444