Re: gnutls fails to use Verisign CA cert without a Basic Constraint

From: Simon Josefsson
Subject: Re: gnutls fails to use Verisign CA cert without a Basic Constraint
Date: Fri, 09 Jan 2009 12:09:39 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

Tomas Mraz <address@hidden> writes:

> On Fri, 2009-01-09 at 11:16 +0100, Simon Josefsson wrote:
>> Simon Josefsson <address@hidden> writes:
>> > "Douglas E. Engert" <address@hidden> writes:
>> >
>> >> Attached are the server cert (, the intermediate cert 
>> >> (f0a38a80.0)
>> >> and the CA self signed cert (7651b327.0)
>> >
>> > Thanks, I can reproduce the problem.  Should be fixed with this patch:
>> >
>> >
>> Sorry, that link was wrong.  For the 2.6.x branch the proper link is:
>> Please test the patch and confirm whether or not it works for you.  I
>> think we should do a new 2.6.x release to deal with this.
> I suppose there is an extraneous gnutls_assert () call in the case the
> cert is V1 and the appropriate flags are set.

The gnutls_assert() is there for logging, and can be useful when
understanding which path an execution took.  If debug logging is not
used (the default) it is essentially a no-op.

I guess we can remove the call if it is triggered very often, but
logging about V1 CAs might make someone notice it and do something
about it.  I'd consider a V1 CA something of an exception and worth
worrying about, hence the assert call.
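
The following is an added example, not part of the original message and not GnuTLS code: a Python check that finds version 1 certificates in a set of DER-encoded CA certificates, the case treated above as an exception worth noticing. The function names, the `der` helper and the skeletal sample certificates (which carry only the fields the check reads) are constructed for illustration.

```python
# X.509 extensions exist only in v3, so a v1 certificate cannot carry Basic Constraints.

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:  # long form: the next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("DER value runs past its container")
    return tag, pos, pos + length

def x509_version(cert):
    """Return 1, 2 or 3 for a DER-encoded Certificate."""
    outer, start, end = read_tlv(cert, 0, len(cert))   # Certificate
    tbs, start, end = read_tlv(cert, start, end)       # tbsCertificate
    if outer != 0x30 or tbs != 0x30:
        raise ValueError("Certificate/tbsCertificate is not a SEQUENCE")
    tag, vstart, vend = read_tlv(cert, start, end)     # [0] version or serialNumber
    if tag != 0xA0:
        return 1                                       # version omitted: DEFAULT v1
    tag, istart, iend = read_tlv(cert, vstart, vend)
    if tag != 0x02 or iend - istart != 1 or cert[istart] > 2:
        raise ValueError("malformed version field")
    return cert[istart] + 1                            # encoded 0, 1, 2 -> v1, v2, v3

def v1_certs(store):
    """Names in store (name -> DER bytes) whose certificate is version 1."""
    return sorted(name for name, cert in store.items() if x509_version(cert) == 1)

def der(tag, content):
    """Minimal DER encoder, used only to build the constructed samples below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

# Constructed samples: serial number plus filler standing in for the other fields.
BODY = der(0x02, b"\x01") + der(0x30, b"\x00" * 200)
V1_SAMPLE = der(0x30, der(0x30, BODY))
V3_SAMPLE = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")) + BODY))
STORE = {"constructed-v1-root": V1_SAMPLE, "constructed-v3-root": V3_SAMPLE}
```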

