Hi,

On Saturday, 07.02.2009, at 19:37 +0100, Simon Josefsson wrote:
> > Hello,
> >
> > I have just uploaded 2.4.2-6 (which is basically 2.4.3 without all the
> > changes from autogenerated files for easier review.) to unstable. This
> > should fix (workaround) your problem, since it makes it possible to
> > trust the intermediate cert.
>
> Thanks. I can confirm that it solves the problem:
>
> j...@mocca:~$ LD_PRELOAD=/usr/lib/libgnutls.so /usr/bin/gnutls-cli -VV
> fry.serverama.de -p 443 --x509cafile
> /usr/share/ca-certificates/cacert.org/root.crt
> ...
> - Peer's certificate is NOT trusted
>
> Which is correct since the chain contains a RSA-MD5 signature. (The
> better error message is not printed here though, that change was not
> back-ported.)
>
> Trying it again with the intermediate cert works fine:
>
> j...@mocca:~$ LD_PRELOAD=/usr/lib/libgnutls.so /usr/bin/gnutls-cli -VV
> fry.serverama.de -p 443 --x509cafile
> /usr/share/ca-certificates/cacert.org/class3.crt
> ...
> - Peer's certificate is trusted
>
> So I think everything works as expected now.
>
> So, shouldn't this bug be marked as fixed with 2.4.2-6?

Yes, it’s fine from my side. Thanks for fixing it.

Greetings,
Joachim

--
Joachim "nomeata" Breitner
Debian Developer
  [email protected] | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: [email protected] | http://people.debian.org/~nomeata

