Big CA certificate bundle causes problems with GnuTLS 3.0.11
Janne Snabb
snabb at epipe.com
Wed May 30 05:10:15 CEST 2012
On Tue, 29 May 2012, Sam Varshavchik wrote:
> I suppose someone might want, for some odd reason, to blow a wad of cash on
> having some public CA sign some certs, for their clients, even though it's
> trivial to set up your own cert, and do it yourself for free. But, still, in
> that case, at the very least you should only load /that/ CA, and not the whole
> bundle.
Google is one big e-mail sender that presents a client certificate signed
by one of the ~150 "well-known" CAs (I have not checked which one). There
are other similar but smaller mail senders also.
--
Janne Snabb / EPIPE Communications
snabb at epipe.com - http://epipe.com/
More information about the Gnutls-help
mailing list