Comment 45 for bug 305264
Revision history for this message
| Mathias Gug (mathiaz) wrote Re: [Bug 305264] Re: gnutls regression: failure in certificate chain validation | #45 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
On Mon, Mar 09, 2009 at 02:21:58PM -0000, Doug Engert wrote:
> The real fix is to get the gnutls people to support certificate
> directories, like OpenSSL. Why the rush to convert to gnutls
> when it has so many issues. (Licencing issues are low on my list of
> reasons.)
Licensing was the main motivation to move to 2.4 and GnuTLS. The other
option was to keep the client libraries to 2.1.
> > If the system running slapd is on hardy (or intrepid or jaunty) you
> > should also add all of the CA certificates to the server certificate
> > file - this is to workaround a bug where the slapd daemon doesn't send
> > all of the CA certificates to the client.
>
> All or just the intermediate certificates?
>
The intermediate certificates should be enough. If not all of them
should work.
> Another issue with gnutls, no intermediate file (or directory) of
> certificates.
>
Please open a new bug to track this specific issue.
--
Mathias Gug
Ubuntu Developer http://