On 11/12/2013 11:36 AM, Rob Crittenden wrote:
> This is basically what I saw too. I'm waiting on someone from the NSS 
> team to get back to me. This must have something to do with the way that 
> OpenSSL validates certs vs NSS. Apparently NSS is being more picky but I 
> don't know why yet.

FWIW the current version of python-nss allows you to run NSS cert
validation in logging mode, you'll get back a list of errors detailing
everything NSS found at fault. Now having said that I'll also note the
validation information NSS generates can sometimes be less than
wonderful, but at least you'll be getting an insight into where NSS is
finding fault.

There is an example Python script doc/examples/verify_cert.py which you
can run to validate a cert, you can turn on the validation logging with
the --log command line arg. The example script also illustrates how to
do cert validation logging. The script is contained in the
python-nss-doc subpackage. You'll need to be running python-nss >= 0.14.


Freeipa-users mailing list
