[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Gnu TLS needs to be more tolerant of mistakes in certificate chain o
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: Gnu TLS needs to be more tolerant of mistakes in certificate chain order. |
Date: |
Sun, 16 Sep 2012 21:34:37 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6esrpre) Gecko/20120805 Icedove/10.0.6 |
On 09/14/2012 12:00 PM, Stephen Baynes wrote:
> Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
[...]
> That is over 2% of the original sample, small but hardly insignificant.
> The one good thing is that in all cases the first entry in the chain was
> the correct
> one which makes it much easier to know where to start.
Thank you for the insight. This is long asked feature and I'm pretty
convinced that the real-world server certificate lists are a mess. I
plan to add it in one of the upcoming releases.
regards,
Nikos