Hi folks

GnuTLS stopped accepting MD5 as a proper signature type for certificates just two weeks before the release. While I don't question the decision itself, MD5 has been broken for 4 years, I question the timing.

Yesterday several people started to complain that they could no longer connect to their ldap servers, many of them using pam-ldap and nss-ldap. A quick look showed certificates in the chain which were signed with MD5.

Even many commercial or non-commercial CAs out there have MD5-signed certs somewhere in the chain, and all of them will no longer work now until these intermediate certs are trusted explicitly. Most of them already switched to SHA1 for their end-user certificates.

So now we have a change in Lenny which will break many, many machines. It is neither properly documented in the NEWS file of the package itself nor in the release notes.

Bastian

-- 
Too much of anything, even love, isn't necessarily a good thing.
		-- Kirk, "The Trouble with Tribbles", stardate 4525.6