On Fri, 2013-11-08 at 13:13 +0100, Christof Haerens wrote: > Well you helped me getting things to work, so if you need someone to > test these things with the Belgian EID, let me know. Thanks. I think I can probably reproduce this here, though. Intel uses a string of intermediate certs too, and if I deliberately remove one of them from my cafile and make sure it's present on my USB key, I can test the code which needs to look it up. I can make sure there's another CA with the *same* name in my key too, to make sure the code is picking the *right* one. Something which software has often got wrong. Once we think we have it working, then I'll get you to test without the explicit addition to your cafile, just to make sure. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20131108/cbfe3389/attachment.bin>
