Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
nmav at gnutls.org
Sun Sep 16 21:34:37 CEST 2012
On 09/14/2012 12:00 PM, Stephen Baynes wrote:
> Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
> That is over 2% of the original sample, small but hardly insignificant.
> The one good thing is that in all cases the first entry in the chain was
> the correct
> one which makes it much easier to know where to start.
Thank you for the insight. This is long asked feature and I'm pretty
convinced that the real-world server certificate lists are a mess. I
plan to add it in one of the upcoming releases.
More information about the Gnutls-devel