On Fri, 2014-04-04 at 14:49 -0400, Stephen Nightingale wrote:
> I am running GnuTLS 3.1.16 as both client and server, with a python-gnutls
> wrapper extended to check for DANE certificate uses, here:
> https://www.had-pilot.com/dane/danelaw.html.
>
> The GnuTLS server is running all 0xx and 1xx DANE certificate uses, serving
> a single end certificate per use. It runs 24/7 robustly. It can only
> be configured to take a single end certificate for the server handshake.
> When presented with a concatenation of PEM certs, it will send only the
> end cert in the server side handshake. This is curious, because the GnuTLS
> client will retrieve the full cert chain in communication with, e.g.,
> the TLSlite server.
>
> I tried this with gnutls-cli and gnutls-serve, configuring the server with
> a concatenated PEM chain, with the same result: only the end cert is
> delivered to the client.
>
> Has this issue been fixed in subsequent versions of GnuTLS? Are there plans
> to fix it?

If that's the case then it's a bug, but by trying 3.1.22 by setting a correct chain in gnutls-serv, I see in gnutls-cli "- Got a certificate list of 3 certificates."

regards,
Nikos

_______________________________________________
Gnutls-help mailing list
http://lists.gnupg.org/mailman/listinfo/gnutls-help
