Jay Lee writes:
That's not how an intermediate cert should be used. If this worked with OpenSSL, it was only by coincidence. The correct way to specify an intermediate cert is to append it to CERTFILE. Your CERTFILE should contain: your PEM-formatted private key, your PEM-formatted certificate, and the PEM-formatted intermediate cert, all in one file.

I thought I had the code to support intermediate certs in the GnuTLS flavor, but it looks like I do not. Can you try applying the following patch and seeing if it works (with the intermediate cert set up as per above, in TLS_CERTFILE).

OK, I tried the patch first, it resulted in a non-working SSL configuration (clients would die with an invalid TLS packet error). I then went back to a clean copy of 0.60 compiled against GnuTLS and tried concatenating the certificate and intermediary together like you said they're supposed to be which worked great. Not sure why it was working before with OpenSSL and not GnuTLS, maybe just a fluke like you said.
Ugh, this one's a headscratcher. Although it's good to know that it works for you, I need to figure this out. I must be missing something, but I don't see how this could possibly work with the present code, without the patch. gnutls_x509_crt_import() in the current code imports only one certificate from the PEM file; gnutls_x509_crt_list_import() is required to import the certificate chain. I think I know what I'll be doing one of these weekends…
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
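
The CERTFILE layout discussed in this thread (private key, certificate and intermediate cert in one PEM file) can be checked before the server is restarted. The following is an added example, not code from the thread or from Courier: it inspects PEM block structure only, does not verify that the intermediate actually issued the certificate, and its function names and sample data are constructed for illustration.

```python
import base64
import re

# PEM block: BEGIN/END lines with matching labels around base64 text.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, decoded_bytes), ...] in file order; corrupt base64 raises."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_RE.findall(text)]

def check_certfile(text):
    """Check for the layout from the thread: key, certificate, intermediate."""
    blocks = pem_blocks(text)
    keys = [lbl for lbl, _ in blocks if lbl.endswith("PRIVATE KEY")]
    certs = [der for lbl, der in blocks if lbl == "CERTIFICATE"]
    problems = []
    if len(keys) != 1:
        problems.append("expected exactly one private key, found %d" % len(keys))
    if not certs:
        problems.append("no certificate found")
    elif len(certs) == 1:
        problems.append("only one certificate: intermediate is missing")
    return {
        # Assumption: a one-certificate import is modelled as taking the first block.
        "single_import_sees": certs[:1],
        "list_import_sees": certs,
        "problems": problems,
    }

def _constructed_block(label, payload):
    """Build a placeholder PEM block (constructed data, not a real key or cert)."""
    body = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

SAMPLE_BUNDLE = (_constructed_block("PRIVATE KEY", b"constructed-key")
                 + _constructed_block("CERTIFICATE", b"constructed-server-cert")
                 + _constructed_block("CERTIFICATE", b"constructed-intermediate"))
SAMPLE_LEAF_ONLY = (_constructed_block("PRIVATE KEY", b"constructed-key")
                    + _constructed_block("CERTIFICATE", b"constructed-server-cert"))

if __name__ == "__main__":
    for name, text in (("bundle", SAMPLE_BUNDLE), ("leaf only", SAMPLE_LEAF_ONLY)):
        result = check_certfile(text)
        print(name, len(result["list_import_sees"]), "cert(s);",
              result["problems"] or "layout ok")
```

The gap between `single_import_sees` and `list_import_sees` is the difference a loader makes when it reads one certificate from the file instead of the whole list.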
