[gnutls-devel] Name constraint error?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Dec 20 18:09:13 CET 2015
On Sun, Dec 20, 2015 at 5:37 PM, Andreas Metzler <ametzler at bebt.de> wrote:
> The error happens at the CA->intermed step.
> host
> Issuer: C=GR,O=Aristotle University of Thessaloniki,CN=Aristotle University of Thessaloniki Central CA R5
> Subject: C=GR,O=Aristotle University of Thessaloniki,OU=IT Center,CN=cdn.it.auth.gr
> intermed CA
> Issuer: C=GR,O=Hellenic Academic and Research Institutions Cert. Authority,CN=Hellenic Academic and Research Institutions RootCA 2011
> Subject: C=GR,O=Aristotle University of Thessaloniki,CN=Aristotle University of Thessaloniki Central CA R5
> root CA
> Issuer: C=GR,O=Hellenic Academic and Research Institutions Cert. Authority,CN=Hellenic Academic and Research Institutions RootCA 2011
> Subject: C=GR,O=Hellenic Academic and Research Institutions Cert. Authority,CN=Hellenic Academic and Research Institutions RootCA 2011
> Name Constraints (not critical):
> Permitted:
> DNSname: .gr
> DNSname: .eu
> DNSname: .edu
> DNSname: .org
> RFC822Name: .gr
> RFC822Name: .eu
> RFC822Name: .edu
> RFC822Name: .org
> I suspect that the Name Constraints might cause the error.
Indeed. That's one of the few CAs using name constraints and
unfortunately it uses them wrong.
I had an open issue at https://gitlab.com/gnutls/gnutls/issues/3
which was resolved at the 3.4.x branch.
regards,
Nikos
More information about the Gnutls-devel
mailing list