sslcacertfile troubleshooting :)

[SamLT]

On Wed, Jan 18, 2012 at 01:49:02PM +0200, Daniel Shahaf wrote:
> SamLT wrote on Wed, Jan 18, 2012 at 12:00:32 +0100:
> > As a side note, the documentation could suggest using gnutls used
> > instead of
> 
> Polite would be "in addition to".

I'm no english native speaker, but "could suggest" didn't feel rude to
me. Sorry if that's so.

> 
> > openssl to generate the sslcacertfile, since 1) s_client doesn't
> > support IPv6,
> 
> That's false.

Really? Well, I just noticed that this morning while trying to
understand what was going on. "s_client", here, certainly doesn't try
AAAA dns lookup by default, doesn't accept any -4 or -6 switch nor an
IPv6 address when specified manually. After looking on the web, I
read there has been many patch to add that "functionnality", but, I
haven't found one that has been accepted.

I'm currently using openssl 1.0.0.f which isn't an old version. So, I
admit I haven't dig deeper then that, but hopefully you're going to
enlighten me.


On Wed, Jan 18, 2012 at 01:51:31PM +0200, Daniel Shahaf wrote:
> For starters you could pass --verbose to gnutls-cli.
> 

exactly the same output, but I agree I could have been more clear about
that from the beginning.

On Wed, Jan 18, 2012 at 01:55:33PM +0200, Daniel Shahaf wrote:
> And, frankly, I wish you didn't use every single opportunity you had to
> point out or imply that you prefer gnutls to openssl.
> 

Wow! This one comes from nowhere! I'm sorry if it's how it looked, but
to my defense I'd say, I had not used gnutls from the cli until just
this morning. Why did I try it? Because I'm trying to understand what's
happenning. And doing so sometimes means trying with different tools
than those we're used to.