Craig Ringer <craig@postnewspapers.com.au> writes:
> Bug 5245 is not the same issue. They're talking about the server not
> sending the full certificate chain for the cert that identifies the
> server (server.crt). It's nothing to do with client certificates.
> Without the full chain, the client can't verify the server unless it
> happens to already have the intermediate certs between the server's cert
> and the trusted root that signed it installed locally. I haven't
> encountered #5245 myself, but will test it shortly to verify. It'd
> certainly count as a significant bug, as it would make it impossible to
> use indirect trust to verify a server (as is the case when a corporate
> CA signed by a "big name" CA is in use).
BTW, does anyone know exactly how to fix that? I'm looking at a related
request internal to Red Hat right now.
regards, tom lane