On 03/10/2011 04:14 AM, Vedran Furač wrote: >>>>> - subject `blahblah', issuer `blahblah', RSA key 1024 bits, signed >>>>> using RSA-SHA, activated `2006-07-22 12:59:58 UTC', expires `2009-07-21 >>>>> 12:59:58 UTC', SHA-1 fingerprint >>>>> `ec5248b3194be9fda5639b59458962bc9bee32cc' >>>> Looks like one of certs had expired? >>> >>> That could be the problem, but that would indicate a bug in the all >>> previous versions of gnutls. >> >> The expiration checking had to be explicitly done by the application using >> gnutls in the previous version. Implicit checking by gnutls was added in >> 2.8.x. > 2.8? But it works for me in 2.8.6, something is changed in 2.10.x.
The change in 2.10 was that the intermediate and CA certificates are being checked for expiration as well. >> I don't understand your point. Is the certificate expired or not? > Sure, it's expired, but gnutls fails to detect that and is blabbing about: > > TLS: peer cert untrusted or revoked (0x402) > TLS: can't connect: (unknown error code). > or > GnuTLS error: Error in the certificate. gnutls is a library it doesn't print anything. This is an application issue. regards, Nikos -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
