rsyslog-gnutls can't validate V1 CA certificates
Bug #514079 reported by H.-Dirk Schmitt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Rsyslog | Won't Fix | Medium | |
rsyslog (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Binary package hint: rsyslog
In my organisation the CA is based on a V1 CA certificate.
This triggers the following error:
pluto rsyslogd: not permitted to talk to peer, certificate invalid: signer is not a CA
I can reproduce the problem with gnutls-cli:
gnutls-cli -V --x509cafile /etc/ssl/certs/proarc-srv.crt -p 42514 pluto.computer42.org
--> - Peer's certificate issuer is not a CA
If I add '--priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT' to the command above, the certificate validation is successful.
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563127#15 and https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/305264 for similar problems with gnutls.
Changed in rsyslog:
status: Unknown → Confirmed
Changed in rsyslog:
status: Confirmed → In Progress
Changed in rsyslog:
importance: Unknown → Medium
Changed in rsyslog:
status: In Progress → Confirmed
Changed in rsyslog:
status: Confirmed → Won't Fix
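Added example, not part of the original bug report and not rsyslog or GnuTLS code: an X.509 v1 certificate has no extensions field, so it cannot carry a basicConstraints CA flag, which is the situation behind the "signer is not a CA" message above. This standard-library sketch reads the version and the CA flag from a certificate's DER bytes so a CA file can be checked before it is deployed as a trust anchor; the sample certificates are constructed skeletons, and all function and variable names are assumptions made for the example.

```python
import base64

BASIC_CONSTRAINTS = bytes.fromhex("551d13")  # DER content bytes of OID 2.5.29.19

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def pem_to_der(pem):
    lines = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(lines))

def ca_status(der):
    """Return (version, is_ca); is_ca is None when the version cannot carry extensions."""
    tbs = children(read_tlv(read_tlv(der)[1])[1])  # Certificate -> TBSCertificate fields
    version = 1                                    # [0] version absent means DEFAULT v1
    if tbs[0][0] == 0xA0:
        version = int.from_bytes(read_tlv(tbs[0][1])[1], "big") + 1
    if version < 3:
        return version, None                       # no extensions, so no basicConstraints
    wrapped = [val for tag, val in tbs if tag == 0xA3]   # [3] extensions
    for _, ext in children(read_tlv(wrapped[0])[1]) if wrapped else []:
        fields = children(ext)                     # extnID, optional critical, extnValue
        if fields[0][1] == BASIC_CONSTRAINTS:
            bc = children(read_tlv(fields[-1][1])[1])
            return version, any(t == 0x01 and v != b"\x00" for t, v in bc)
    return version, False

def tlv(tag, value=b""):  # encoder for the constructed samples (short lengths only)
    return bytes([tag, len(value)]) + value

# Constructed skeletons (empty names and key, no signature): just enough to parse.
BODY = tlv(0x02, b"\x01") + tlv(0x30) * 5
BC = tlv(0x30, tlv(0x06, BASIC_CONSTRAINTS) + tlv(0x04, tlv(0x30, tlv(0x01, b"\xff"))))
V3 = tlv(0xA0, tlv(0x02, b"\x02"))
SAMPLE_V1 = tlv(0x30, tlv(0x30, BODY))
SAMPLE_V3_CA = tlv(0x30, tlv(0x30, V3 + BODY + tlv(0xA3, tlv(0x30, BC))))
```

For a real CA file, pass its PEM text through `pem_to_der` first; a result of `(1, None)` identifies a v1 certificate like the one described in the report.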