openssl-osx-ca
Generated certificate pem contains non-CA certificates
As reported in #23:
Heads up, gnutls appears to be slightly more strict on what it considers to be a CA certificate.
Using the cert.pem generated by this script there are a few certs which cause a warning to be displayed by gnutls:
```
$ gnutls-cli google.com
|<1>| There was a non-CA certificate in the trusted list: CN=com.apple.systemdefault,O=System Identity.
|<1>| There was a non-CA certificate in the trusted list: CN=com.apple.kerberos.kdc,O=System Identity.
...
Processed 173 CA certificate(s).
Resolving 'google.com:443'...
Connecting to '2a00:1450:4009:80b::200e:443'...
- Certificate type: X.509
```
gnutls still functions correctly.
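
One way to audit a generated cert.pem for entries like the ones in the warning above, as an added example that is not part of openssl-osx-ca or of the original report. It assumes the `openssl` CLI is installed and treats a certificate as a CA only when its basicConstraints extension says CA:TRUE; the function names `is_ca` and `filter_ca_bundle` are hypothetical.

```bash
# Added example: split a PEM bundle into single certificates and keep only
# those whose X509v3 Basic Constraints extension contains CA:TRUE.
# Assumption: "CA certificate" means basicConstraints CA:TRUE. Certificates
# with no basicConstraints extension at all (for example X.509 v1 roots) are
# reported as non-CA by this check, so review the rejected list before use.

# is_ca FILE: exit 0 if the single PEM certificate in FILE is marked as a CA.
is_ca() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# filter_ca_bundle BUNDLE OUT: write CA certificates to OUT, list rejected
# subjects on stderr, print "<kept> <rejected>" on stdout.
filter_ca_bundle() {
  bundle="$1"; out="$2"; kept=0; rejected=0
  tmp="$(mktemp -d)" || return 1
  # Write each BEGIN/END CERTIFICATE block to its own numbered file.
  awk -v dir="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%05d.pem", dir, n) }
    f { print > f }
    /-----END CERTIFICATE-----/ { close(f); f = "" }
  ' "$bundle"
  : > "$out"
  for c in "$tmp"/cert-*.pem; do
    [ -e "$c" ] || continue
    if is_ca "$c"; then
      cat "$c" >> "$out"; kept=$((kept + 1))
    else
      echo "non-CA: $(openssl x509 -in "$c" -noout -subject 2>/dev/null)" >&2
      rejected=$((rejected + 1))
    fi
  done
  rm -rf "$tmp"
  echo "$kept $rejected"
}
```

Run it as `filter_ca_bundle cert.pem cert-ca-only.pem` and compare the rejected subjects on stderr with the names in the gnutls warning.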