On Sat, Oct 11, 2014 at 12:27:22PM +0200, Nikos Mavrogiannopoulos wrote:
> On Fri, 2014-10-10 at 23:32 -0700, Louis Opter wrote:
>
> To be honest I am confused on what are you describing here and what is
> the actual issue you are seeing. As far as I understand you have some
> certificate chain that gnutls-cli reports that the "the name in the
> certificate doesn't match". In that case you should check the CN of the
> certificate and the subject alternative name.

Thank you for your help Nikos, in the end my issues boiled down to CN mismatches, which are being handled differently in OpenSSL and GnuTLS (I'd be happy to hear more about that btw).

Everything ended up being difficult to investigate because x509 is a lot of moving parts, because I fucked up some config in taskwarrior and I also ran into the bug fixed by this commit at some point:

https://gitorious.org/gnutls/gnutls/commit/4a7f52373c6623d9e8775814bdb18129a26a0f81

I still have to say that everything would have been a lot easier and a lot less confusing if the error reporting was better. Is there anything like gnutls_strerror but for the status variable set by the gnutls_certificate_verify_peers functions?

Thanks

-- 
Louis Opter
