Bug#514807: Regression in libgnutls security update

Florian Weimer fw at deneb.enyo.de
Thu Feb 12 12:16:07 UTC 2009

* Simon Josefsson:

>> and the DN doesn't really matter, either.
> The SubjectDN of the CA needs to match the IssuerDN of the next cert in
> the chain.

I meant it in the sense that no root certificates are revoked after
the DN has become invalid because the denoted legal entity has ceased
to exist, or someone else has gained access to (or full control over)
the key material.

More information about the Pkg-gnutls-maint mailing list