On 10.03.2011 08:54, Nikos Mavrogiannopoulos wrote: > On 03/10/2011 04:14 AM, Vedran Furač wrote: > >>>>>> - subject `blahblah', issuer `blahblah', RSA key 1024 bits, signed >>>>>> using RSA-SHA, activated `2006-07-22 12:59:58 UTC', expires `2009-07-21 >>>>>> 12:59:58 UTC', SHA-1 fingerprint >>>>>> `ec5248b3194be9fda5639b59458962bc9bee32cc' >>>>> Looks like one of certs had expired? >>>> >>>> That could be the problem, but that would indicate a bug in the all >>>> previous versions of gnutls. >>> >>> The expiration checking had to be explicitly done by the application using >>> gnutls in the previous version. Implicit checking by gnutls was added in >>> 2.8.x. >> 2.8? But it works for me in 2.8.6, something is changed in 2.10.x. > > The change in 2.10 was that the intermediate and CA certificates are > being checked for expiration as well.
OK, that would explain it. >>> I don't understand your point. Is the certificate expired or not? >> Sure, it's expired, but gnutls fails to detect that and is blabbing about: >> >> TLS: peer cert untrusted or revoked (0x402) >> TLS: can't connect: (unknown error code). >> or >> GnuTLS error: Error in the certificate. > > gnutls is a library it doesn't print anything. This is an application issue. Fine then, the latter (GnuTLS error: Error in the certificate.) is the output of gnutls-cli, bug is there then. Anyway, you can close the report. Regards, Vedran
<<attachment: vedran_furac.vcf>>
