Intermediate Certificate problem

Simon Brown simon at
Thu Jul 8 18:37:21 CEST 2010

At Thu, 08 Jul 2010 17:59:28 +0200,
Nikos Mavrogiannopoulos <nmav at> wrote:
> It seems that the program you are using should set the verification flag
> to allow X.509 V.1 certificates. This is done with the
> gnutls_certificate_set_verify_flags(xcred,
> call. For some reason it wasn't default in gnutls-cli as well. I've set
> it now.
Wanderlust is an emacs application, I believe it was using gnutls-cli
directly rather than calling library code.

I shall pass this onto the Wanderlust packager and perhaps the gnutls-cli
packager as a patch is needed.

> By default we disable version 1 certificates since it is not possible to
> distinguish CA certificates from end-user (server) certificates. If one
> is sure that his trusted certificate storage only contains CA
> certificates, then this flag should be specified.



More information about the Gnutls-help mailing list