Big CA certificate bundle causes problems with GnuTLS 3.0.11
Phil Pennock
help-gnutls-phil at spodhuis.org
Wed May 30 05:47:54 CEST 2012
On 2012-05-30 at 03:10 +0000, Janne Snabb wrote:
> Google is one big e-mail sender that presents a client certificate signed
> by one of the ~150 "well-known" CAs (I have not checked which one). There
> are other similar but smaller mail senders also.
Equifax, apparently:
52394 SSL verify ok: depth=2 cert=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
52394 SSL verify ok: depth=1 cert=/C=US/O=Google Inc/CN=Google Internet Authority
52394 SSL peer: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
Hrm, Exim needs a +tls_peer_issuerdn log selector.
-Phil
More information about the Gnutls-help
mailing list