[gnutls-dev] Re: Certificate verification failed

Simon Josefsson jas at extundo.com
Thu Oct 27 12:08:35 CEST 2005


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

>> I think we should disable both MD2 and MD5, and introduce an API to
>> modify gnutls_certificate_verify_peers2, a'la
>>   gnutls_enable_insecure_algorithm (&session, GNUTLS_SIGN_RSA_MD2)
> This will not be necessary if we introduce the flags below. verify_peers2  
> will use the flags from gnutls_certificate_set_verify_flags().

Ah, right, I forgot about that interface.  Nice.

>> and a new gnutls_certificate_verify_flags enumeration type, for
>> gnutls_x509_crt_verify calls, e.g.:
>>   GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2
>>   GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
> Yes it is indeed a very nice idea. Security must be an issue in the library.

Right.  I think the defaults should be slightly conservative.  Given
that MD2 is broken, and there is even information on how to produce
certificates with colliding signatures for MD5, I think we are way
past the point of being slightly conservative in disabling them.

But we should have a way to re-enable them, first, to allow for
interoperability.

I'll take a stab at fixing this later today...

Thanks,
Simon
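An added illustration of the opt-in policy the thread converges on (conservative default, explicit flags to re-enable broken algorithms). This is a self-contained model written for this page, not GnuTLS code; the enum and flag names are assumptions modelled on the proposal, and the chain is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the opt-in design discussed in the thread, not
 * GnuTLS code: known-broken signature algorithms (MD2, MD5) are rejected
 * by default and a caller must pass an explicit ALLOW flag to re-enable
 * them for interoperability. Names are modelled on the proposal. */
typedef enum { SIGN_RSA_MD2, SIGN_RSA_MD5, SIGN_RSA_SHA1, SIGN_DSA_SHA1 } sign_algorithm_t;

/* Verify flags, combinable with bitwise OR (assumed names). */
enum { VERIFY_ALLOW_SIGN_RSA_MD2 = 1u << 0, VERIFY_ALLOW_SIGN_RSA_MD5 = 1u << 1 };

/* Result bits: INSECURE_ALGORITHM marks a signature the flags did not permit. */
enum { CERT_INVALID = 1u << 0, CERT_INSECURE_ALGORITHM = 1u << 1 };

/* True when `algo` may validate a chain element under `flags`;
 * with flags == 0 (the default) MD2 and MD5 are refused. */
bool signature_allowed(sign_algorithm_t algo, unsigned int flags)
{
    switch (algo) {
    case SIGN_RSA_MD2: return (flags & VERIFY_ALLOW_SIGN_RSA_MD2) != 0;
    case SIGN_RSA_MD5: return (flags & VERIFY_ALLOW_SIGN_RSA_MD5) != 0;
    default:           return true; /* the thread disables only MD2 and MD5 */
    }
}

/* Walks the signature algorithms of a chain and returns a status mask;
 * 0 means every signature used a permitted algorithm. */
unsigned int verify_chain_algorithms(const sign_algorithm_t *chain, size_t n,
                                     unsigned int flags)
{
    unsigned int status = 0;
    for (size_t i = 0; i < n; i++)
        if (!signature_allowed(chain[i], flags))
            status |= CERT_INVALID | CERT_INSECURE_ALGORITHM;
    return status;
}

int main(void)
{
    /* Constructed chain: leaf signed with RSA-SHA1, issuer cert with RSA-MD5. */
    const sign_algorithm_t chain[] = { SIGN_RSA_SHA1, SIGN_RSA_MD5 };
    printf("default flags : status 0x%x\n", verify_chain_algorithms(chain, 2, 0));
    printf("MD5 re-enabled: status 0x%x\n",
           verify_chain_algorithms(chain, 2, VERIFY_ALLOW_SIGN_RSA_MD5));
    return 0;
}
```

With no flags the MD5-signed issuer certificate makes the chain fail with the insecure-algorithm bit set; passing the MD5 allow flag clears the failure while MD2 stays refused.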