[Help-gnutls] Re: gnutls_certificate_verify_peers2() / GNUTLS_CERT_INVALID
nmav at gnutls.org
Sun Jun 22 12:52:35 CEST 2008
Rainer Gerhards wrote:
> Some more info: asn1_read_value returns ASN1_ELEMENT_NOT_FOUND. The
> value in question is "pathLenConstraint", node is a non-NULL value (I
> put a printf() in _gnutls_x509_read_uint()).
>>>> 5292.675380113:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT: verify.c:301
>>>> 5292.741284540:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT: dn.c:1212
>>>> 5292.744965838:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT: verify.c:395
>>>> 5292.751276475:main queue:Reg/w0: GnuTLS returned no specific reason
>>>> for GNUTLS_CERT_INVALID, certificate status is 2
As far as I understand here the verification correctly does not succeed
because some DN's do not match. If you still think it is a gnutls bug,
please send a way for me to reproduce this problem (a chain of
certificates that should verify, and the way to produce them).
However I'd say to check if the certificate chain is correctly send etc.
More information about the Gnutls-help