Hi again, Nikos,

On 13.12.2017 11:38, Johannes Bauer wrote:

> The certificate that I pass to gnutls-cli is that exact root
> certificate. So IMHO, gnuTLS should have all the required trust
> prerequisites to validate the certificate, shouldn't it? I will now also
> try to make the server send the root CA cert as well in its response and
> see if that changes the behavior.

Indeed it does!

When the server includes its root of trust in the CA certificate chain
sent to the client, the gnuTLS client accepts the OCSP ticket as valid,
even though the client already has access to that certificate via its
trust store.

So, for now, this works as a workaround for me -- but I do think that is
unintended behavior on gnuTLS' side, isn't it?

Thanks for helping me with this,
Kind regards,
Johannes

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help