Package: libgnutls13 Version: 1.4.4-3 Tags: patch When running a service which requests the client to authenticate itself with a client certificate, the gnutls server will send the wrong CA DNs to the client. This prevents the client to select the correct certificate.
Instead of providing a list of trusted CA DNs, the gnutls server sends a list of their issuers. This violates the SSL protocol specification section 5.6.4. In the most basic setups (in which gnutls might have been tested?), this is not a problem, since the client certificate is signed by the self-signed root CA, which is by definition its own issuer. In a complex real world setup, however, client authentication will not work. I have reported this problem to upstream yesterday: http://lists.gnupg.org/pipermail/gnutls-dev/2006-December/001313.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
