>From the debian bugreport: """ Being liberal in what you accept for security protocol implementations is almost always a bad idea in my experience.
The chain validation implementation in GnuTLS is far from perfect, and I'd like to have one that would fully conform to RFC 5280. However, sorting the chain sounds like a step in the wrong direction to me. This issue is a rare problem, and working around the problem in GnuTLS doesn't help: the server remains broken for any other implementations. It seems better to me that you notice the problem as quickly as possible, rather than much later when it can be more difficult to understand what the problem is. I'm tagging this bug as wontfix and retitling it, so others can find the discussion easier. (I'm only speaking as upstream GnuTLS maintainer, the debian GnuTLS maintainers could disagree and patch this problem in the debian packages if they think it is a good idea to do so.) """ Similar replies on http://thread.gmane.org/gmane.network.gnutls.general/1383 (and http://thread.gmane.org/gmane.ietf.tls/3782). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1043376 Title: Certificate issues for different 3d secure server To manage notifications about this bug go to: https://bugs.launchpad.net/software-center/+bug/1043376/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
