[gnutls-help] The certificate chain violates the signer's constraints.

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Jul 1 11:02:54 CEST 2015

On Wed, Jul 1, 2015 at 10:45 AM, Andreas Freimuth
<andreas_freimuth at web.de> wrote:
>> That looks like a bug in gnutls. The reason it is rejected is because
>> you have an IP address constraint which is not checked by gnutls. That
>> shouldn't have been rejected though because there is no IP address set
>> in the server certificate. Anyway the simple fix is to remove the IP
>> constraint which is allow everything anyway.
> Thanks. The Workaround works.
> btw:
> The IP constraint is a MUST have, by the CA/Browser Forum Baseline
> Requirements ([1] 7.1.5)

I'll have a fix soon.

Thanks for reporting that.

More information about the Gnutls-help mailing list