Author: Nikos Mavrogiannopoulos Date: To: David Woodhouse CC: Exim-users, Steve Madsen Subject: Re: [exim] TLS "certificate and the given key do not match"
On Mon, Jul 22, 2013 at 1:02 PM, David Woodhouse <dwmw2@???> wrote: >> Graeme, thanks for the push towards GNU TLS. There was just enough
>> chatter about how GNU TLS is more strict than OpenSSL for me to
>> ultimately discover the root cause.
> Have you reported this as a bug upstream to GnuTLS? If OpenSSL accepts
> these certs then it would seem sensible for GnuTLS to do so.
> If *not*, then you end up with GnuTLS being suboptimal as a replacement
> for OpenSSL for projects like Exim, because it doesn't let us remain
> backward-compatible with existing setups.
Hello,
I think that issue should be applicable to the 2.12.x series of
gnutls, not the 3.x which has quite several compatibility
improvements.