Nikos Mavrogiannopoulos schrieb:
In your logs I see that the certificate [1] is the root certificate. This looks wrong. The chain should be [0] = server certificate[1] = intermediate [2] = root
I read RFC 2246 TLS and it looks like the certificate chain must be in the correct order but it looks like Apache and all clients simply ignore this part of the specification and create the order by themselves. So if GnuTLS has something like a wishlist then I would like to add a more tolerant behaviour because OpenSSL (and by this way Apache) and all the other clients simply accept this behaviour and so the most servers will never take care about such issues.
BTW is there a FAQ or WiKi where I can document this for other users? I think this could be helpful because neither Apache nor OpenSSL s_client report/log any problems with such servers/configurations.
Sorry for the trouble Michael -- _______________________________________________________________ Michael Bell Humboldt-Universitaet zu Berlin Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 [EMAIL PROTECTED] D-10099 Berlin _______________________________________________________________ X.509 CA Certificates / Wurzelzertifikate http://ra.pki.hu-berlin.de
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
