Simon Josefsson <si...@josefsson.org> writes: > a...@gedanken.demon.co.uk (Andrew M. Bishop) writes: > >> One thing that I noticed during the debugging of this problem is that >> the newly created certificates (above) are described by certtool as >> "Version: 3" but the WWWOFFLE ones are "Version: 1". > > V1 CA certs should be permitted in latest GnuTLS, but it was disabled > during some releases. I suspect this is not well tested, V1 certs are > rare, so there could be some bug. Could you enable certification > validation logging somehow? Or run gnutls-cli/gnutls-serv with logging > enabled.
Changing the version of the certificate is as simple as changing the argument to the gnutls_x509_crt_set_version() function isn't it? Is there any reason that I shouldn't just change this so that new certificates are generated as V3 while old ones remain V1? If there is no problem with a system using a mixture of the two certificate versions then this would give some future-proofing against gnutls changes wouldn't it? -- Andrew. ---------------------------------------------------------------------- Andrew M. Bishop a...@gedanken.demon.co.uk http://www.gedanken.demon.co.uk/ WWWOFFLE users page: http://www.gedanken.demon.co.uk/wwwoffle/version-2.9/user.html -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org