[gnutls-help] certificate issuer validation issue
Andreas Müller
andreas at stapelspeicher.org
Thu Aug 13 21:24:27 CEST 2015
Hi, recently I noticed that one of my e-mail accounts would not be
fetched and figured the problems would be gnutls. It cannot verify the
issuer.
Using openssl allows my client (mpop) to fetch the mails via TLS.
I am pretty sure it started when I updated the ca-certificates package
for my distribution. (Slackware64-current using ca-certificates_20150426.tar.xz, I guess they are from Debian)
The site in question is pop3.arcor-online.net:995
openssl validates the certificate, while gnutls (tested 3.2.15, 3.2.21
and 3.3.17) won't.
Is it a problem with gnutls, openssl, my local certificate files or
the site?
Maybe relevant sidenote: Using gnutls, mpop would show the issuer name
with a backslash.
"Thawte\, Inc." while using openssl just shows "Thawte, Inc.".
The same in "gnutls-cli" and "openssl s_client".
Thanks in advance,
Andreas Müller
More information about the Gnutls-help
mailing list