Re: Whoos with GnuTLS and md5-signed certificates

To: debian-devel@lists.debian.org
Cc: debian-release@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Subject: Re: Whoos with GnuTLS and md5-signed certificates
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 14 Feb 2009 14:32:01 +0100
Message-id: <87bpt5gn5a.fsf@mid.deneb.enyo.de>
In-reply-to: <20090213134617.GA27183@wavehammer.waldi.eu.org> (Bastian Blank's message of "Fri, 13 Feb 2009 14:46:17 +0100")
References: <20090213134617.GA27183@wavehammer.waldi.eu.org>

* Bastian Blank:

> GnuTLS stopped accepting MD5 as a proper signature type for certificates
> just two weeks before the release. While I don't question the decision
> themself, MD5 is broken since 4 years, I question the timing.

GNUTLS has rejected RSA-MD5 signatures in X.509 certificate chains
since version 1.2.9.

> Yesterday several people started to complain that they could not longer
> connect to their ldap servers, many of them using pam-ldap and nss-ldap.
> A quick look showed certificates in the chain which was signed with MD5.

Are you sure this isn't #514807?

Reply to:

Follow-Ups:
- Re: Whoos with GnuTLS and md5-signed certificates
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: Whoos with GnuTLS and md5-signed certificates
  - From: Brian May <brian@microcomaustralia.com.au>

References:
- Whoos with GnuTLS and md5-signed certificates
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: CD/DVD image names
Next by Date: Re: SuiteSparse 3.2.0
Previous by thread: Whoos with GnuTLS and md5-signed certificates
Next by thread: Re: Whoos with GnuTLS and md5-signed certificates
Index(es):
- Date
- Thread