# take two reopen 573736 retitle 573736 gnutls: sort certificate chain to work around misconfigured servers severity 573736 wishlist reassign 573736 libgnutls26 2.8.6-1 thanks
Thorsten Glaser wrote: > Simon Josefsson dixit: >> It seems alioth.debian.org is configured incorrectly, the chain it is >> sending isn't sorted in the right order: > […] >> So I don't see any GnuTLS bug here. > > Most people configuring servers are clueless. Why can’t GnuTLS sort > the chain (and drop the Root CA Cert) itself, as OpenSSL appears to > do (maybe to reduce support requests such as this one)? Especially, > for example when you have no influence over the server in use… even > if the standard mandates an order (did not check), being liberal in > accepting sometimes helps. Sounds reasonable to me. Jonathan -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
