Bug#573736: https SSL verification fails

Jonathan Nieder jrnieder at gmail.com
Fri Mar 26 18:39:58 UTC 2010


# take two
reopen 573736
retitle 573736 gnutls: sort certificate chain to work around misconfigured servers
severity 573736 wishlist
reassign 573736 libgnutls26 2.8.6-1
thanks

Thorsten Glaser wrote:
> Simon Josefsson dixit:

>> It seems alioth.debian.org is configured incorrectly, the chain it is
>> sending isn't sorted in the right order:
> […]
>> So I don't see any GnuTLS bug here.
> 
> Most people configuring servers are clueless. Why can’t GnuTLS sort
> the chain (and drop the Root CA Cert) itself, as OpenSSL appears to
> do (maybe to reduce support requests such as this one)? Especially,
> for example when you have no influence over the server in use… even
> if the standard mandates an order (did not check), being liberal in
> accepting sometimes helps.

Sounds reasonable to me.

Jonathan
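
The reordering asked for in the quoted request, as an added example; it is not part of the original message and is not GnuTLS or OpenSSL code. Certificates are reduced to subject/issuer name pairs and all names are constructed (assumptions); ordering by name only arranges the chain, and each signature must still be verified afterwards.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for an X.509 certificate: only the two names
 * used for ordering (constructed for this example). */
struct cert {
    const char *subject;
    const char *issuer;
};

/* Reorder chain[0..n) in place so each certificate is followed by its
 * issuer, starting from the leaf in chain[0]. Certificates not linked to
 * the leaf and a trailing self-signed root are left out of the result.
 * Returns the length of the ordered chain. */
size_t sort_chain(struct cert *chain, size_t n)
{
    size_t len = n ? 1 : 0;
    while (len > 0 && len < n) {
        const char *want = chain[len - 1].issuer;
        size_t j = len;
        if (strcmp(chain[len - 1].subject, want) == 0)
            break;                      /* self-signed: top of the chain */
        while (j < n && strcmp(chain[j].subject, want) != 0)
            j++;
        if (j == n)
            break;                      /* issuer was not sent */
        struct cert tmp = chain[len];   /* move the issuer into place */
        chain[len] = chain[j];
        chain[j] = tmp;
        len++;
    }
    if (len > 1 && strcmp(chain[len - 1].subject, chain[len - 1].issuer) == 0)
        len--;                          /* drop the root CA certificate */
    return len;
}

int main(void)
{
    /* Constructed sample: leaf first, remaining certificates out of order. */
    struct cert chain[] = {
        { "CN=www.example.org", "CN=Example CA 2" },
        { "CN=Example Root",    "CN=Example Root" },
        { "CN=Example CA 1",    "CN=Example Root" },
        { "CN=Example CA 2",    "CN=Example CA 1" },
    };
    size_t n = sort_chain(chain, sizeof chain / sizeof chain[0]);
    for (size_t i = 0; i < n; i++)
        printf("%zu: %s (issued by %s)\n", i, chain[i].subject, chain[i].issuer);
    return 0;
}
```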


