[gnutls-devel] GnuTLS | SHA-1 root CA is rejected when %PROFILE_MEDIUM is set (#1202)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon May 3 16:55:37 CEST 2021

Daiki Ueno commented:

I took a closer look and realized that the reproducer is a bit special: that is, the last certificate in the chain is an intermediate CA, but there is also another CA in the system trust store, which shares the same key and the DN (Certum Trusted Network CA) but uses SHA-1 for the signature.

!1423 would cover this case, but I am not sure if we need a new flag.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1202#note_566098242
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210503/2e30b7ff/attachment.html>

More information about the Gnutls-devel mailing list