Comment 65 for bug 305264

Mathias Gug wrote:
> @Andy:
>
> Could you describe the X509 certs and CA you're using?
>

We were using ldap and Verisign, and the root CA was a V2 from 1999
which signed an intermediate cert that signed the server certs.

I submitted to gnutls a few changes to allow for stoping at the
intermediate cert which I believe they added.

In the meantime, we turned off cert checking, and have now
replaced LDAP Verisign certs with certs issued localy.

I will send you a copy of the note to gnutls from 1/8/2009
which has the certs.

--

  Douglas E. Engert <email address hidden>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois 60439
  (630) 252-5444