[gnutls-help] The certificate chain violates the signer's constraints.
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Jul 1 11:02:54 CEST 2015
On Wed, Jul 1, 2015 at 10:45 AM, Andreas Freimuth
<andreas_freimuth at web.de> wrote:
>> That looks like a bug in gnutls. The reason it is rejected is because
>> you have an IP address constraint which is not checked by gnutls. That
>> shouldn't have been rejected though because there is no IP address set
>> in the server certificate. Anyway the simple fix is to remove the IP
>> constraint which is allow everything anyway.
> Thanks. The Workaround works.
> btw:
> The IP constraint is a MUST have, by the CA/Browser Forum Baseline
> Requirements ([1] 7.1.5)
I'll have a fix soon.
Thanks for reporting that.
More information about the Gnutls-help
mailing list