[Bug 28643] New: Use of GNUTLS_VERIFY_DO_NOT_ALLOW_SAME prevents connection with CAcert.org signed certificates

bugzilla-daemon at freedesktop.org
Mon Jun 21 12:45:20 CEST 2010


https://bugs.freedesktop.org/show_bug.cgi?id=28643

           Summary: Use of GNUTLS_VERIFY_DO_NOT_ALLOW_SAME prevents
                    connection with CAcert.org signed certificates
           Product: Wocky
           Version: unspecified
          Platform: Other
        OS/Version: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: General
        AssignedTo: telepathy-bugs at lists.freedesktop.org
        ReportedBy: cebewee at gmx.de
         QAContact: telepathy-bugs at lists.freedesktop.org


If using the WOCKY_TLS_VERIFY_NORMAL level, wocky sets the flag
"GNUTLS_VERIFY_DO_NOT_ALLOW_SAME". This prevents connecting to servers (e.g.
jabberd.jabber.ccc.de) with a certificate signed by CAcert.org, with error
GNUTLS_CERT_INSECURE_ALGORITHM, even if both root and class3 certificates[0]
are installed. Removing this flag yields a successful connection.

I asked on the gnutls mailing list about this flag and using this flag seems
useless here[1].

So I suggest removing it.


[0] http://www.cacert.org/index.php?id=3
[1] http://thread.gmane.org/gmane.network.gnutls.general/2037
