[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Big CA certificate bundle causes problems with GnuTLS 3.0.11
|
From: |
Phil Pennock |
|
Subject: |
Re: Big CA certificate bundle causes problems with GnuTLS 3.0.11 |
|
Date: |
Tue, 29 May 2012 23:47:54 -0400 |
On 2012-05-30 at 03:10 +0000, Janne Snabb wrote:
> Google is one big e-mail sender that presents a client certificate signed
> by one of the ~150 "well-known" CAs (I have not checked which one). There
> are other similar but smaller mail senders also.
Equifax, apparently:
52394 SSL verify ok: depth=2 cert=/C=US/O=Equifax/OU=Equifax Secure Certificate
Authority
52394 SSL verify ok: depth=1 cert=/C=US/O=Google Inc/CN=Google Internet
Authority
52394 SSL peer: /C=US/ST=California/L=Mountain View/O=Google
Inc/CN=smtp.gmail.com
Hrm, Exim needs a +tls_peer_issuerdn log selector.
-Phil
Re: Big CA certificate bundle causes problems with GnuTLS 3.0.11, Nikos Mavrogiannopoulos, 2012/05/29