deprecating MD5 in signature verification for gnutls-{cli, serv}
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jan 5 20:31:12 CET 2009
On 01/05/2009 01:48 PM, Tomas Mraz wrote:
> If the only MD5 used in signatures is in the _trusted_ CA cert (and not
> in the leaf and intermediate certificates) it is OK. But it is not the
> case of the support.mayfirst.org site. But I don't see how the removal
> of the last selfsigned certificate from the chain could break the
> algorithm. There must be some different bug in play.
I agree with this assessment. It would be really useful in debugging if
certtool was able to use the same internal algorithm that the other
tools use. I'm sorry that i haven't had the time to debug this further yet.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090105/c02da6bb/attachment.pgp>
More information about the Gnutls-devel
mailing list