A short note for people not fluent in reading the output (like me!) - courtesy to Marc for helping me with this:
Certificate[0] info says in the "issuer" line: CN=VeriSign Class 3 International Server CA - G3
Certificate[1] says in its "subject" line: CN=VeriSign Class 3 Public Primary Certification Authority - G5 and the issuer is a primary certificate (i.e. no CN line)
Certificate[2] has a "subject" line: CN=VeriSign Class 3 International Server CA - G3 and the "issuer" is CN=VeriSign Class 3 Public Primary Certification Authority - G5
So either gnutls should support out-of-order certificates, or we must use openssl, or the server fixes the ordering and sends the current Certificate[2] before it sends Certificate[1].
AIUI the relevant RFC does not allow out-of-order sending but many clients are tolerant (gnutls is not). Unfortunately I could not find a reference to quote.
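The ordering problem described in the comment above, as an added example that is not part of the original comment: it checks whether each certificate's issuer matches the subject of the next one sent, and rebuilds the expected order. Names are compared as plain strings and no signatures are verified; the leaf subject and the G5 issuer string are constructed placeholders, and the function names are hypothetical.

```python
# Added example: chain-order check over (subject, issuer) pairs only.
G3 = "CN=VeriSign Class 3 International Server CA - G3"
G5 = "CN=VeriSign Class 3 Public Primary Certification Authority - G5"

# Chain in the order the server sent it. The leaf subject and the issuer
# of the G5 certificate are constructed placeholders (not given on the page).
SENT = [
    {"subject": "CN=www.example.test (placeholder)", "issuer": G3},
    {"subject": G5, "issuer": "primary root, no CN (placeholder)"},
    {"subject": G3, "issuer": G5},
]


def first_break(chain):
    """Return the index i of the first certificate whose issuer is not the
    subject of certificate i+1, or None when the chain is in order."""
    for i in range(len(chain) - 1):
        if chain[i]["issuer"] != chain[i + 1]["subject"]:
            return i
    return None


def reorder(chain):
    """Rebuild leaf-first order by following issuer -> subject links.

    chain[0] is kept as the leaf. Returns (ordered, unused), where unused
    holds certificates that could not be linked into the path."""
    by_subject = {}
    for cert in chain[1:]:
        by_subject.setdefault(cert["subject"], cert)
    ordered, used = [chain[0]], set()
    while True:
        nxt = by_subject.get(ordered[-1]["issuer"])
        # Stop at a missing issuer or a loop (e.g. a self-signed root).
        if nxt is None or id(nxt) in used:
            break
        used.add(id(nxt))
        ordered.append(nxt)
    unused = [c for c in chain[1:] if id(c) not in used]
    return ordered, unused


if __name__ == "__main__":
    print("first break at index:", first_break(SENT))
    fixed, extra = reorder(SENT)
    for n, cert in enumerate(fixed):
        print(f"Certificate[{n}] subject={cert['subject']}")
    print("unlinked certificates:", len(extra))
```
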