"Roland Winkler" <[email protected]> writes:
> On Mon Jun 1 2009 Daniel Kahn Gillmor wrote: >> I've opened https://bugzilla.novell.com/show_bug.cgi?id=508844 to >> suggest that YaST should behave differently. Roland, if you can follow >> up there with more details about how the cert in question was created >> and how the service was configured, we might be able to prevent this >> from tripping up other folks in the future. > > It's a bit difficult to reconstruct the details. > > The certificate was created via YaST on an Open Enterprise Server > (OES) SP2. The sysadmin told me that these certificates are mainly > intended for https connections and secure communication of Novell's > eDirectory service. They are not specifically designed for secure > SMTP connections that triggered the "key usage violation" problem. The same concerns applies to https/ldaps: if the KeySign key usage isn't permitted, you can't use DHE ciphersuites. That seems sub-optimal, but could be intentional for some strange reason. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
