The order of the certificate chain that I configured in my web server was wrong: I put the CA root first, and then the intermediate cert. The SSL spec says that the SSL server should send its own cert first, next (in order) all higher-level certs up to the root CA.
Reordering certs in the Apache "SSLCertificateChainFile" did the trick. Apparently GnuTLS adheres more strictly to the SSL spec than OpenSSL. What happened to 'Be conservative in what you send, liberal in what you accept' (Postel's law) and RFC1122? I'll close this bug report.
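A check for the ordering described in the message above, as an added example that is not part of the original message: it reads a PEM bundle and reports every certificate that is not issued by the one following it. The function names and sample CNs are assumptions, and the sample data are constructed DER skeletons, not real certificates.

```python
import re
import ssl

def _tlv(buf, pos):
    """Read the DER element at pos; return (tag, value start, element end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the size of the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (subject, issuer) of one certificate as raw DER Name bytes."""
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, end = _tlv(der, pos)            # tbsCertificate SEQUENCE
    fields = []
    while pos < end and len(fields) < 5:
        tag, _, stop = _tlv(der, pos)
        if tag != 0xA0:                     # skip the optional [0] version field
            fields.append(der[pos:stop])
        pos = stop
    _serial, _sigalg, issuer, _validity, subject = fields
    return subject, issuer

def order_problems(pem_text):
    """Report certs not issued by the next one (raw Name compare, no signature check)."""
    pems = re.findall(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", pem_text, re.S)
    certs = [names(ssl.PEM_cert_to_DER_cert(p)) for p in pems]
    return [f"certificate {i} is not issued by certificate {i + 1}"
            for i in range(len(certs) - 1) if certs[i][1] != certs[i + 1][0]]

# Constructed sample data: DER skeletons holding only the fields read above.
def _der(tag, body):
    return bytes([tag, len(body)]) + body

def sample_pem(subject_cn, issuer_cn):
    def name(cn):
        return _der(0x30, _der(0x0C, cn.encode()))
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
           + name(issuer_cn) + _der(0x30, b"") + name(subject_cn))
    return ssl.DER_cert_to_PEM_cert(_der(0x30, _der(0x30, tbs)))

ROOT = sample_pem("Example Root CA", "Example Root CA")
INTERMEDIATE = sample_pem("Example Intermediate CA", "Example Root CA")

if __name__ == "__main__":
    print("root first:        ", order_problems(ROOT + INTERMEDIATE))
    print("intermediate first:", order_problems(INTERMEDIATE + ROOT))
```

The same function works on a bundle that starts with the server certificate, since the rule is the same at every position.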