At Thu, 08 Jul 2010 17:59:28 +0200, Nikos Mavrogiannopoulos <[email protected]> wrote: > It seems that the program you are using should set the verification flag > to allow X.509 V.1 certificates. This is done with the > gnutls_certificate_set_verify_flags(xcred, > GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); > > call. For some reason it wasn't default in gnutls-cli as well. I've set > it now. Wanderlust is an emacs application, I believe it was using gnutls-cli directly rather than calling library code.
I shall pass this onto the Wanderlust packager and perhaps the gnutls-cli packager as a patch is needed. > By default we disable version 1 certificates since it is not possible to > distinguish CA certificates from end-user (server) certificates. If one > is sure that his trusted certificate storage only contains CA > certificates, then this flag should be specified. Thanks, Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
