[Bug 305264] Re: gnutls regression: failure in certificate chain validation

Doug Engert deengert at anl.gov
Mon Mar 9 14:21:58 GMT 2009


Mathias Gug wrote:
> One workaround is to put all of the CA certs in the trusted CA
> certificate file.

Yes, that is what we have had to do.

The real fix is to get the gnutls people to support certificate
directories, like OpenSSL. Why the rush to convert to gnutls
when it has so many issues? (Licensing issues are low on my list of
reasons.)

> 
> If the system running slapd is on hardy (or intrepid or jaunty) you
> should also add all of the CA certificates to the server certificate
> file - this is to work around a bug where the slapd daemon doesn't send
> all of the CA certificates to the client.

All or just the intermediate certificates?

Another issue with gnutls, no intermediate file (or directory) of
certificates.

>

--

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

-- 
gnutls regression: failure in certificate chain validation
https://bugs.launchpad.net/bugs/305264
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.
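
The workaround discussed in this message, as an added example (not code from the bug report, gnutls or OpenSSL): merging an OpenSSL-style certificate directory into the single trusted CA file that gnutls can read. The directory and bundle paths are assumptions supplied on the command line, and the script only copies certificate blocks without validating them.

```python
import base64
import hashlib
import re
import sys
from pathlib import Path

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(HEADER) + r"(.*?)" + re.escape(FOOTER), re.S)


def pem_blocks(text):
    """Yield the DER bytes of every certificate block in text.

    Anything outside the BEGIN/END markers (subject lines, comments) is
    ignored. A block with invalid base64 raises ValueError, so a damaged
    file stops the build instead of silently shrinking the trust store.
    """
    for match in PEM_RE.finditer(text):
        yield base64.b64decode("".join(match.group(1).split()), validate=True)


def to_pem(der):
    """Re-encode DER bytes as a PEM block with 64-column lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return HEADER + "\n" + "\n".join(lines) + "\n" + FOOTER + "\n"


def build_bundle(ca_dir, bundle_path):
    """Merge all certificates under ca_dir into bundle_path.

    Duplicates are dropped by SHA-256 of the DER encoding, which also
    covers the hash-named symlinks found in OpenSSL certificate
    directories. Returns the number of certificates written.
    """
    seen, out = set(), []
    for path in sorted(Path(ca_dir).iterdir()):
        if not path.is_file():
            continue
        for der in pem_blocks(path.read_text(errors="replace")):
            digest = hashlib.sha256(der).digest()
            if digest not in seen:
                seen.add(digest)
                out.append(to_pem(der))
    Path(bundle_path).write_text("".join(out))
    return len(out)


if __name__ == "__main__":
    # Usage (paths are the caller's choice): script.py CA_DIR BUNDLE_FILE
    print(build_bundle(sys.argv[1], sys.argv[2]), "certificates written")
```

Rerun it whenever a CA certificate is added to or removed from the directory, since the bundle is a snapshot.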


