Just noting for posterity, as of GnuTLS 2.8.0 (released 2009-05-27) you can use %VERIFY_ALLOW_X509_V1_CA_CRT in the TLSCipherSuite options to enable V1 CA certs. I will probably #ifdef the current OpenLDAP patch to turn it off for GnuTLS >= 2.8.0. (Haven't decided on best course of action yet, given http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=541256 )
** Bug watch added: Debian Bug tracker #541256 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256 -- gnutls regression: failure in certificate chain validation https://bugs.launchpad.net/bugs/305264 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
