Hi, Florian Weimer wrote: > > In addition, this update tightens the checks for X.509v1 certificates > which causes GNUTLS to reject certain certificate chains it accepted > before. (In certificate chain processing, GNUTLS does not recognize > X.509v1 certificates as valid unless explicitly requested by the > application.)
What the hell? After upgrading libgnutls13, our server could not anymore connect to our LDAP server, apparently because it does not like its certificate chain anymore... Our servers use commercial certificates, with "GTE CyberTrust Global Root" as the root certificate. It apparently is a v1 x509 certificate... What is the solution for me? Should I rebuild all the applications and libraries that use libgnutls, so that they request to accept x509v1 certificates? How? -- Nicolas Boullis -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
