[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Peer verification

From: Michael Bell
Subject: [Help-gnutls] Peer verification
Date: Fri, 23 Nov 2007 12:03:08 +0100
User-agent: Thunderbird (X11/20071031)


I try to get a correct validation for a https server. My problem is that certtool says that everthing is find and gnutls-cli fails.

  - server cert + intermediate ca + root ca
  - server sends only the server cert and the intermediate CA
  - server sends additionally several other CA certs
  - server does not send the root CA cert
  - CA file with both CA certs

  - certtool -e --infile /tmp/certs.pem
  - certs.pem contains all three certificates
  - certtool verifies all certs with "Verification output: Verified."

  - gnutls-cli --x509cafile /tmp/calist.pem
  - tested with all certs, only the CAs and only the root in calist.pem
  - all certificates in calist.pem are correctly detected
  - all certs send by the server are correctly recognized
  - nevertheless "Peer's certificate is NOT trusted"

Any ideas what's the problem? Browsers can verify the server correctly but perhaps the missing CA cert in the send cert list of the server is a problem.

FYI I found this problem while debugging opensync/libsoup which uses gnutls.

Thanks in advance


Michael Bell                    Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
address@hidden   D-10099 Berlin

X.509 CA Certificates / Wurzelzertifikate

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]