Re: [SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation
* Nicolas Boullis:
>> You could try if recompiling gnutls13 with this patch
>>
>> <http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=97;bug=514807>
>>
>> enables your setup to work.
>
> I just built it; it seems to work fine.
Thanks.
>> However, it is unlikely that we will
>> apply a similar change to lenny. (For etch, the best approach is
>> still somewhat unclear. But it's either changing gnutls13 in this
>> way, or keeping the current behavior; modifying all applications is
>> out of the question.)
>
> What's the problem with this patch?
The usual problem with X.509v1 certificates: if you add something to
the certificate store, assuming it's a server certificate, it turns
into a CA certificate. This might be a problem in some cases.