Re: Gnu TLS needs to be more tolerant of mistakes in certificate chain o

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Gnu TLS needs to be more tolerant of mistakes in certificate chain o

From:	Nikos Mavrogiannopoulos
Subject:	Re: Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
Date:	Sun, 16 Sep 2012 21:34:37 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6esrpre) Gecko/20120805 Icedove/10.0.6

On 09/14/2012 12:00 PM, Stephen Baynes wrote:

> Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
[...]
> That is over 2% of the original sample, small but hardly insignificant.
> The one good thing is that in all cases the first entry in the chain was
> the correct
> one which makes it much easier to know where to start.

Thank you for the insight. This is long asked feature and I'm pretty
convinced that the real-world server certificate lists are a mess. I
plan to add it in one of the upcoming releases.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

Gnu TLS needs to be more tolerant of mistakes in certificate chain order., Stephen Baynes, 2012/09/14
- Re: Gnu TLS needs to be more tolerant of mistakes in certificate chain order., Nikos Mavrogiannopoulos <=

Prev by Date: Re: Documentation on W32
Next by Date: Re: Compilation error gnutls-3.1.1 with nettle-2.5 on cygwin
Previous by thread: Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
Next by thread: [sr #108140] libgnutls-openssl.so is linked to system libgnutls.so in certain conditions
Index(es):
- Date
- Thread