Mathias Gug wrote:
> One workaround is to put all of the CA certs in the trusted CA
> certificate file.
Yes, that is what we have had to do.
The real fix is to get the gnutls people to support certificate
directories, like OpenSSL. Why the rush to convert to gnutls
when it has so many issues? (Licensing issues are low on my list of
reasons.)
>
> If the system running slapd is on hardy (or intrepid or jaunty) you
> should also add all of the CA certificates to the server certificate
> file - this is to work around a bug where the slapd daemon doesn't send
> all of the CA certificates to the client.
All or just the intermediate certificates?
Another issue with gnutls, no intermediate file (or directory) of
certificates.
>
--
Douglas E. Engert <email address hidden>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
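
The workaround discussed above (every CA certificate in one trusted CA certificate file, because certificate directories are not read) can be scripted. This is an added example, not part of the original message; the function name and the paths in the usage comment are hypothetical. It skips the hash-named symlinks found in OpenSSL-style directories and keeps PEM blocks from running together.

```shell
# build_ca_bundle DIR OUT   (hypothetical helper, not from the thread)
#   DIR  directory of PEM CA certificates, e.g. an OpenSSL-style cert dir
#   OUT  single bundle file, assumed to be the file that the server's
#        trusted CA certificate file setting points at
# Usage (example paths): build_ca_bundle /etc/ssl/certs /etc/ldap/ca-bundle.pem
build_ca_bundle() {
    dir=$1
    out=$2
    tmp=$out.new.$$                 # same directory as OUT, so mv is a rename
    seen=$(mktemp) || return 1
    count=0
    : > "$tmp" || { rm -f "$seen"; return 1; }
    for f in "$dir"/*; do
        # Hashed directories hold <hash>.N symlinks to the real files;
        # following them would add every certificate twice.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Ignore files that are not PEM certificates (keys, CRLs, notes).
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || continue
        # Ignore byte-identical copies stored under another name.
        sum=$(cksum < "$f")
        if grep -qxF -- "$sum" "$seen"; then continue; fi
        printf '%s\n' "$sum" >> "$seen"
        # Keep only the PEM armour. awk ends every line with a newline, so
        # a file with no final newline cannot fuse its END line with the
        # next file's BEGIN line.
        awk '/-----BEGIN CERTIFICATE-----/ {p=1}
             p {print}
             /-----END CERTIFICATE-----/ {p=0}' "$f" >> "$tmp"
        count=$((count + 1))
    done
    rm -f "$seen"
    # An empty bundle would leave the server trusting nothing; fail instead.
    if [ "$count" -eq 0 ]; then rm -f "$tmp"; return 1; fi
    # Swap the finished bundle into place so a reader never sees a partial file.
    chmod 644 "$tmp" && mv -f "$tmp" "$out"
}
```

The daemon that reads the bundle has to be restarted afterwards to pick up the new file.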