On 05/30/2009 07:05 PM, Roland Winkler wrote: > Unknown extension 2.16.840.1.113730.1.13 (not critical): > ASCII: .!YaST Generated Server Certificate > Hexdump: > 1621596153542047656e65726174656420536572766572204365727469666963617465 [...] > Key Usage (not critical): > Key encipherment.
this looks to have been created by YaST, and it seems to be set up oddly: RFC 5280 suggests that the keyUsage extension SHOULD be critical, and if the service was configured (maybe also by YaST), it should maybe have been configured to match. I've opened https://bugzilla.novell.com/show_bug.cgi?id=508844 to suggest that YaST should behave differently. Roland, if you can follow up there with more details about how the cert in question was created and how the service was configured, we might be able to prevent this from tripping up other folks in the future. Regards, --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
