Verifying server certificate failed?!

Sven Geggus lists at
Thu Mar 15 23:11:02 CET 2012

Nikos Mavrogiannopoulos <nmav at> wrote:

> I don't think this is a good idea. The protocol exactly specifies which
> certificates should be present. It does not allow any kind of additional
> information to be present so by providing it you violate the protocol.

RFC documents are not set in stone. Quite the opposite, their sole
purpose is to enable interoperability. So if breaking the rules is
good for interoperability the RFC should be changed in the first

Back to the original discussion. FF, chrome and even IE do not care about
the unnecessary certificates at all.

> On the practical side, a simpler parser allows for simpler code and
> thus less bugs.



"Der wichtigste Aspekt, den Sie vor der Entscheidung für ein Open
Source-Betriebssystem bedenken sollten, ist, dass Sie kein
Windows-Betriebssystem erhalten." (von
/me is giggls at ircnet, on the Web

More information about the Gnutls-help mailing list