[gnutls-devel] GnuTLS | Handle expiration of AddTrust root certificate (urgent) (#1008)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun May 31 13:00:16 CEST 2020

Daiki Ueno commented:

OK, the real cause seems to be that we actually look up the valid certificate from the trust store, but perform a sanity check against the original certificate (expired) and bail out. Note that !1271 fixes this on the systems using PKCS#11 trust store (i.e. Fedora, RHEL, etc), but does NOT fix the file based trust store (i.e. Debian, Ubuntu, etc). I'll look into it further.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1008#note_352448705
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200531/993c47d9/attachment.html>

More information about the Gnutls-devel mailing list