Comment 45 for bug 305264

Revision history for this message
Mathias Gug (mathiaz) wrote : Re: [Bug 305264] Re: gnutls regression: failure in certificate chain validation

On Mon, Mar 09, 2009 at 02:21:58PM -0000, Doug Engert wrote:
> The real fix is to get the gnutls people to support certificate
> directories, like OpenSSL. Why the rush to convert to gnutls
> when it has so many issues. (Licencing issues are low on my list of
> reasons.)

Licensing was the main motivation to move to 2.4 and GnuTLS. The other
option was to keep the client libraries to 2.1.

> > If the system running slapd is on hardy (or intrepid or jaunty) you
> > should also add all of the CA certificates to the server certificate
> > file - this is to workaround a bug where the slapd daemon doesn't send
> > all of the CA certificates to the client.
> All or just the intermediate certificates?

The intermediate certificates should be enough. If not all of them
should work.

> Another issue with gnutls, no intermediate file (or directory) of
> certificates.

Please open a new bug to track this specific issue.

Mathias Gug
Ubuntu Developer