Summary: | Use of GNUTLS_VERIFY_DO_NOT_ALLOW_SAME prevents connection with CAcert.org signed certificates | ||
---|---|---|---|
Product: | Wocky | Reporter: | Lars Noschinski <cebewee> |
Component: | General | Assignee: | Telepathy bugs list <telepathy-bugs> |
Status: | RESOLVED FIXED | QA Contact: | Telepathy bugs list <telepathy-bugs> |
Severity: | normal | ||
Priority: | medium | ||
Version: | unspecified | ||
Hardware: | Other | ||
OS: | Linux (All) | ||
Description
Lars Noschinski
2010-06-21 03:45:20 UTC
There was additional discussion[0] and the solution is now less clear to me. A fix changing the behaviour of GNUTLS_VERIFY_DO_NOT_ALLOW_SAME was committed to the gnutls repository. But to quote one of the gnutls developers, using the flag is quite sensible:

| The GNUTLS_VERIFY_DO_NOT_ALLOW_SAME is a flag, to make the trusted
| certificate list, a list that can only certify other keys. That is it
| will not allow a certificate from this list to be used as a server
| certificate. So how it works it depends on your usage of this list. If
| you add end server certificates there maybe
| GNUTLS_VERIFY_DO_NOT_ALLOW_SAME is not a good option for you. But for
| other uses it is quite sensible.

So, whether this flag should be set depends on whether _server_ certificates are expected in the certificate store. This will probably be the case if a GUI for certificate handling exists in Empathy?

[0] http://thread.gmane.org/gmane.network.gnutls.general/2037

Fixed in git, and in the snapshot in Gabble 0.9.14. Thanks for your patch!