[Bug 514079] Re: rsyslog-gnutls can't validate V1 CA certificates

Tue, 18 Oct 2011 01:18:02 -0700 

Launchpad has imported 3 comments from the remote bug at
http://bugzilla.adiscon.com/show_bug.cgi?id=176.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2010-01-28T23:36:36+00:00 H.-Dirk Schmitt wrote:

In my organisation the CA is based on a V1 CA certificate.
This triggers the following error:
 pluto rsyslogd: not permitted to talk to peer, certificate invalid: signer is 
not a CA

I can reproduce the problem with gnutls-cli:
   gnutls-cli -V --x509cafile /etc/ssl/certs/proarc-srv.crt   -p 42514
pluto.computer42.org 
   --> - Peer's certificate issuer is not a CA


If I add '--priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT' to the command above, 
the certificate validation is successful.

See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563127#15 and 
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/305264 for similar 
problems with gnutls.

Reply at: https://bugs.launchpad.net/rsyslog/+bug/514079/comments/0

------------------------------------------------------------------------
On 2010-01-28T23:38:12+00:00 H.-Dirk Schmitt wrote:

Environment is ubuntu karmic / amd64.
rsyslog-gnutls 4.2.0-2ubuntu5.1

Reply at: https://bugs.launchpad.net/rsyslog/+bug/514079/comments/1

------------------------------------------------------------------------
On 2011-10-17T10:41:22+00:00 Rgerhards-j wrote:

closing this bug as the same issue never surfaced from someone else and
this is too much work for a single instant.

Reply at: https://bugs.launchpad.net/rsyslog/+bug/514079/comments/4


** Changed in: rsyslog
       Status: Confirmed => Won't Fix

** Bug watch added: Debian Bug tracker #563127
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563127

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/514079

Title:
  rsyslog-gnutls can't validate V1 CA certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/rsyslog/+bug/514079/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to