deprecating MD5 in signature verification for gnutls-{cli, serv}

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 6 06:20:15 CET 2009


On 01/05/2009 02:31 PM, Daniel Kahn Gillmor wrote:
>  I'm sorry that i haven't had the time to debug this further yet.

Ok, i got to look into it tonight with gdb against the gnutls 2.6.3
libraries (i'm using the versions from debian experimental).  Here's
what i found:

gnutls_certificate_verify_peers2() ultimately calls
_gnutls_verify_certificate2(), which (at lib/x509/verify.c:321) properly
sets the flags in the output variable, but does not set ret to 0.

gnutls_x509_crt_list_verify(), the immediate caller of
_gnutls_verify_certificate2(), does not check the data in *output unless
the return code is actually zero.

So i suspect that the following is the correct patch (against the git
head), but i have not tested it yet (and i need to sleep before it gets
any later):

diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 02964ba..c00b4bf 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -320,6 +320,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
 	{
 	  if (output)
 	    *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+	  ret = 0;
 	}
     }

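Review bot: the new `ret = 0;` is unconditional, but the flag assignment above it is guarded by `if (output)`, so when a caller passes a NULL `output` the insecure-algorithm finding is dropped entirely and _gnutls_verify_certificate2 reports success. Either move `ret = 0;` inside the `if (output)` block (keeping the error return when nobody can receive the flags) or document that `output` must be non-NULL, and add a comment on why a zero return is paired with GNUTLS_CERT_INVALID here, since every caller must now inspect `*output` rather than rely on a nonzero return to reject the certificate.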
@@ -1036,6 +1037,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
       {
 	if (output)
 	  *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+	ret = 0;
       }
   }

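Review bot: same concern as in the certificate hunk: `ret = 0;` sits outside the `if (output)` guard, so a NULL `output` makes _gnutls_verify_crl2 return success with no indication that the CRL was signed with an insecure algorithm; keep the two statements under one condition or require a non-NULL `output`. As the message notes the change is untested, a test that verifies an MD5-signed CRL and asserts GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID in `*output` would cover both hunks.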
Any thoughts about this proposal?  This would affect the built-in X.509
verification routines, not just gnutls-cli and gnutls-serv.

	--dkg
