[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Gnu TLS needs to be more tolerant of mistakes in certificate chain o
Re: Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
Sun, 16 Sep 2012 21:34:37 +0200
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6esrpre) Gecko/20120805 Icedove/10.0.6
On 09/14/2012 12:00 PM, Stephen Baynes wrote:
> Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
> That is over 2% of the original sample, small but hardly insignificant.
> The one good thing is that in all cases the first entry in the chain was
> the correct
> one which makes it much easier to know where to start.
Thank you for the insight. This is long asked feature and I'm pretty
convinced that the real-world server certificate lists are a mess. I
plan to add it in one of the upcoming releases.