Verifying server certificate failed?!
Sven Geggus
lists at fuchsschwanzdomain.de
Thu Mar 15 16:19:08 CET 2012
Richard Moore <rich at kde.org> wrote:
> Your chain file includes the root certificate as well as the
> intermediate certificate. You should not be transmitting that one
There has been one unrelated certificate (the one for the User CA) in the
chain which caused the problem. Sending the root cert is probably tolerated.
I did not check this.
What I have now is the following:
SSLCertificateChainFile /path/to/file/with/all/intermediate/certs
SSLCACertificateFile /path/to/file/with/all/certs/including/root
Anything else causes trouble. My first try has been to put all certificates
into one file and point SSLCertificateChainFile and SSLCACertificateFile
to this file.
So I definitely think gnutls should be more tolerant about certificates
which are not in use but provided anyway.
Regards
Sven
--
"In my opinion MS is a lot better at making money than it is at making good
operating systems" (Linus Torvalds, August 1997)
/me is giggls at ircnet, http://sven.gegg.us/ on the Web
More information about the Gnutls-help
mailing list