On Fri, 2014-10-31 at 15:00 +0100, Nikos Mavrogiannopoulos wrote: > > Sorry for my late reply, because I didn't have a good suggestion > > earlier. > > > > We should work with the upstream OpenSSL and the GnuTLS projects, and > > motivate them to implement more advanced path building. This would be a > > long term project. > > Is there some issue with gnutls in F21? As far as I understand it should > work as expected with the certificates removed.
I confirm that using GnuTLS 3.3.9-2.fc21 on Fedora 21 testing, with ca-certificates-2014.2.1-1.3.fc21, and ca-legacy set to disabled, the command gnutls-cli -p443 www.amazon.com reports a trusted certificate. That's great, thanks Nikos for fixing it in the newer GnuTLS on Fedora 21! (Just for the record, using gnutls 3.1.27 on Fedora 20, and a scratch build of the new ca-certificates package, and set to disabled, the certificate is still rejected, which I understand is because of the older GnuTLS version.) If anyone can still see problems with GnuTLS and the above configuration (disable) on Fedora 21, please let us know which site has the issue. This means, the remaining package that needs fixing is OpenSSL. Thanks Kai -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
