[gnutls-help] certificate issuer validation issue

Andreas Müller andreas at stapelspeicher.org
Thu Aug 13 21:24:27 CEST 2015

Hi, recently I noticed that one of my e-mail accounts would not be
fetched and figured the problems would be gnutls. It cannot verify the
Using openssl allows my client (mpop) to fetch the mails via TLS.

I am pretty sure it started when I updated the ca-certificates package
for my distribution. (Slackware64-current using ca-certificates_20150426.tar.xz, I guess they are from Debian)

The site in question is pop3.arcor-online.net:995

openssl validates the certificate, while gnutls (tested 3.2.15, 3.2.21
and 3.3.17) won't.

Is it a problem with gnutls, openssl, my local certificate files or
the site?

Maybe relevant sidenote: Using gnutls, mpop would show the issuer name
with a backslash.
"Thawte\, Inc." while using openssl just shows "Thawte, Inc.".
The same in "gnutls-cli" and "openssl s_client".

Thanks in advance,
Andreas Müller

More information about the Gnutls-help mailing list