Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Dec 4 08:06:38 CET 2008


Andreas Metzler wrote:
> On 2008-12-03 Michael Kiefer <Michael-Kiefer at web.de> wrote:
>> Package: libgnutls26
>> Version: 2.4.2-3
>> Severity: important
> 
>> Since I updated libgnutls26 from 2.4.2-1 to 2.4.2-3 kMyMoney2 does
>> not connect to my bank any more.  When I run gnutls-cli --insecure
>> -p 443 hbci-pintan-rp.s-hbci.de -d 4711 --print-cert it says
> 
>> - Peer's certificate issuer is unknown
>> - Peer's certificate is NOT trusted
> [...]
> 
> FWIW adding or dropping
> http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/20_GNUTLS-SA-2008-3.patch?op=file&rev=0&sc=0
> indeed makes
> 
> gnutls-cli  -p 443 hbci-pintan-rp.s-hbci.de --x509cafile \
> /etc/ssl/certs/ca-certificates.crt

It seems to me that MD2 is missing from newer gnutls and this is the
reason why it fails. libgcrypt has the MD2 enumeration but not the
actual implementation and this tricked me into removing the included
md2. I will try to revert the old behavior of using an included version
of md2.

regards,
Nikos




