Verifying server certificate failed?!
Sven Geggus
lists at fuchsschwanzdomain.de
Thu Mar 15 23:11:02 CET 2012
Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> I don't think this is a good idea. The protocol exactly specifies which
> certificates should be present. It does not allow any kind of additional
> information to be present so by providing it you violate the protocol.
RFC documents are not set in stone. Quite the opposite, their sole
purpose is to enable interoperability. So if breaking the rules is
good for interoperability the RFC should be changed in the first
place.
Back to the original discussion. FF, chrome and even IE do not care about
the unnecessary certificates at all.
> On the practical side, a simpler parser allows for simpler code and
> thus less bugs.
*granted*
Sven
--
"Der wichtigste Aspekt, den Sie vor der Entscheidung für ein Open
Source-Betriebssystem bedenken sollten, ist, dass Sie kein
Windows-Betriebssystem erhalten." (von http://www.dell.de/ubuntu)
/me is giggls at ircnet, http://sven.gegg.us/ on the Web
More information about the Gnutls-help
mailing list