gpgsm: not checking root certificate (was Re: [PATCH] MD2 for libgcrypt)
Stephan Mueller
smueller at chronox.de
Mon Jul 26 09:26:35 CEST 2010
Hi,
quoting Werner:
> > Yes, agreed from my side as well. But what can you do if customers force you
> > to use it, even with MD2?
>
> An option might be to add a flag to trustlist.txt, similar to "relax",
> which suppresses validation of the root certificate.
>
> I agree that validation of the root certificate is not necessary because
> we check the fingerprint anyway. However that extra check revealed some
> problems in the past and thus I don't want to drop it completely. I
> can't remember but there might have been a specification which required
> this validation.
>
> This won't help Daniel's request for adding a MD2 to use libgcrypt as a
> crypto bench.
Do you think of something like the attached patches (they are not tested yet)?
Ciao
Stephan
--
| Cui bono? |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: call-agent.c.patch
Type: text/x-patch
Size: 404 bytes
Desc: not available
URL: </pipermail/attachments/20100726/35e589e6/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpgsm.h.patch
Type: text/x-patch
Size: 418 bytes
Desc: not available
URL: </pipermail/attachments/20100726/35e589e6/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: certchain.c.patch
Type: text/x-patch
Size: 638 bytes
Desc: not available
URL: </pipermail/attachments/20100726/35e589e6/attachment-0002.bin>