On Fri, 2014-10-31 at 15:00 +0100, Nikos Mavrogiannopoulos wrote:
We should work with the upstream OpenSSL and the GnuTLS projects,
and
motivate them to implement more advanced path building. This would
be a
long term project.
Is there some issue with gnutls in F21? As far as I understand it should work as expected with the certificates removed.
It works as expected in the sense that GnuTLS can no longer handle major web sites like Amazon and Kickstarter, this being the natural consequence of removing a root before the certificates issued by it have expired....