On 26 October 2012 14:15, Michal Suchanek <[email protected]> wrote: > Both GNUtls and OpenSSL refuse to verify the connection. > > I am not sure if the certificate is technically valid in this case or not. > > Any insight?
It is invalid, however browsers that cache intermediate certificates (which most do) are sometimes able to still find a trust path from the leaf to one of the trust anchors (root CAs) by using a more recent replacement for the intermediate certificate if they have encountered it on another site. The replacement intermediate certificates often reuse the same private key which is what makes this work. Regards Rich. _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
