Comment 10 for bug 1043376

Michael Vogt (mvo) wrote :

From the Debian bug report:
"""
Being liberal in what you accept for security protocol implementations
is almost always a bad idea in my experience.

The chain validation implementation in GnuTLS is far from perfect, and
I'd like to have one that would fully conform to RFC 5280. However,
sorting the chain sounds like a step in the wrong direction to me. This
issue is a rare problem, and working around the problem in GnuTLS
doesn't help: the server remains broken for any other implementations.
It seems better to me that you notice the problem as quickly as
possible, rather than much later when it can be more difficult to
understand what the problem is.

I'm tagging this bug as wontfix and retitling it, so others can find the
discussion more easily. (I'm only speaking as upstream GnuTLS maintainer;
the Debian GnuTLS maintainers could disagree and patch this problem in
the Debian packages if they think it is a good idea to do so.)
"""

Similar replies on http://thread.gmane.org/gmane.network.gnutls.general/1383
(and http://thread.gmane.org/gmane.ietf.tls/3782).