Red Hat Bugzilla –
Attachment 938252 Details for
Bug 1142137GnuTLS doesn't find alternative chain of trust if SSL/TLS server includes additional intermediate CA certificate pointing to removed legacy root CA certificate (in this case, to a Verisign 1024-bit certificate from 1996 that got recently distrusted)