[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Re: gnutls fails to verify server sertificate while openss

From: Peter Volkov
Subject: [Help-gnutls] Re: gnutls fails to verify server sertificate while openssl works
Date: Mon, 06 Oct 2008 12:20:51 +0400

Is it possible to do something similar in gnutls? It looks like there
are reasons to validate certificate with wrong order...

-------- Forwarded message --------
From: Tim Hudson <tjh AT cryptsoft  com>
Reply-TO: address@hidden
TO: address@hidden

Peter Volkov wrote:
> CC'ing openssl developers for their opinions, since I think this
> behavior better to have consistent or configurable. Description of the
> problem is here:

Placing this in context - connect with internet explorer or firefox to and you will see that both of those independent 
implementations see nothing wrong with the certificate chain and handle the 
redirect to without and errors or warnings.

Implementations typically take the list of certificates as untrusted 
certificates to add into the process of walking the certificate chain to a 
trusted root certificate. There are pragmatic reasons for doing it this way.

 From an interoperability point of view remember the adage - "Be strict in what 
you generate, be liberal in what you accept"



reply via email to

[Prev in Thread] Current Thread [Next in Thread]