Gnu TLS needs to be more tolerant of mistakes in certificate chain order.

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Sep 16 21:34:37 CEST 2012


On 09/14/2012 12:00 PM, Stephen Baynes wrote:

> Gnu TLS needs to be more tolerant of mistakes in certificate chain order.
[...]
> That is over 2% of the original sample, small but hardly insignificant.
> The one good thing is that in all cases the first entry in the chain was
> the correct
> one which makes it much easier to know where to start.


Thank you for the insight. This is long asked feature and I'm pretty
convinced that the real-world server certificate lists are a mess. I
plan to add it in one of the upcoming releases.

regards,
Nikos




More information about the Gnutls-devel mailing list