Comment 78 for bug 305264

Howard Chu (hyc) wrote :

Just noting for posterity, as of GnuTLS 2.8.0 (released 2009-05-27) you can use %VERIFY_ALLOW_X509_V1_CA_CRT in the TLSCipherSuite options to enable V1 CA certs. I will probably #ifdef the current OpenLDAP patch to turn it off for GnuTLS >= 2.8.0. (Haven't decided on best course of action yet, given http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256 )