Bug#513922: Fails to verify good(?) signature
Joachim Breitner
nomeata at debian.org
Sun Feb 8 13:38:36 UTC 2009
Hi,
On Saturday, 07.02.2009, at 19:37 +0100, Simon Josefsson wrote:
> > Hello,
> >
> > I have just uploaded 2.4.2-6 (which is basically 2.4.3 without all the
> > changes from autogenerated files for easier review.) to unstable. This
> > should fix (workaround) your problem, since it makes it possible to
> > trust the intermediate cert.
>
> Thanks. I can confirm that it solves the problem:
>
> jas at mocca:~$ LD_PRELOAD=/usr/lib/libgnutls.so /usr/bin/gnutls-cli -VV fry.serverama.de -p 443 --x509cafile /usr/share/ca-certificates/cacert.org/root.crt
> ...
> - Peer's certificate is NOT trusted
>
> Which is correct since the chain contains a RSA-MD5 signature. (The
> better error message is not printed here though, that change was not
> back-ported.)
>
> Trying it again with the intermediate cert works fine:
>
> jas at mocca:~$ LD_PRELOAD=/usr/lib/libgnutls.so /usr/bin/gnutls-cli -VV fry.serverama.de -p 443 --x509cafile /usr/share/ca-certificates/cacert.org/class3.crt
> ...
> - Peer's certificate is trusted
>
> So I think everything works as expected now.
>
> So, shouldn't this bug be marked as fixed with 2.4.2-6?
Yes, it’s fine from my side. Thanks for fixing it.
Greetings,
Joachim
--
Joachim "nomeata" Breitner
Debian Developer
nomeata at debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
JID: nomeata at joachim-breitner.de | http://people.debian.org/~nomeata
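
An added example, not part of the thread and not GnuTLS code: a small Python model of the trust decision behind the two gnutls-cli runs quoted above, where the same chain is rejected with the root as anchor and accepted with the intermediate as anchor. The certificate names and the placement of the RSA-MD5 signature on the intermediate are constructed assumptions; a real verifier matches anchors by certificate and checks each signature cryptographically.

```python
# Signature algorithms the verifier refuses on any certificate it has to check.
WEAK_SIG_ALGS = {"RSA-MD2", "RSA-MD5"}

# Constructed chain, leaf first. "sig_alg" is the algorithm of the signature
# ON that certificate (made by its issuer). Values are assumptions.
CHAIN = [
    {"subject": "server", "issuer": "class3", "sig_alg": "RSA-SHA1"},
    {"subject": "class3", "issuer": "root", "sig_alg": "RSA-MD5"},
    {"subject": "root", "issuer": "root", "sig_alg": "RSA-MD5"},
]


def verify_chain(chain, trust_anchors):
    """Walk from the leaf upward and stop at the first trusted certificate.

    Only certificates BELOW the anchor have their signatures checked; the
    anchor is trusted by configuration, so its own signature is never looked at.
    Anchors are matched by name here purely to keep the model short.
    Returns (trusted, reason).
    """
    for i, cert in enumerate(chain):
        if cert["subject"] in trust_anchors:
            return True, f"anchored at {cert['subject']}"
        # This certificate is not an anchor, so its signature must hold up.
        if cert["sig_alg"] in WEAK_SIG_ALGS:
            return False, f"{cert['subject']} is signed with {cert['sig_alg']}"
        if cert["issuer"] in trust_anchors:
            return True, f"anchored at {cert['issuer']}"
        nxt = chain[i + 1] if i + 1 < len(chain) else None
        if nxt is None or nxt["subject"] != cert["issuer"]:
            return False, f"issuer of {cert['subject']} not found"
    return False, "empty chain"


if __name__ == "__main__":
    for anchors in ({"root"}, {"class3"}):
        print(sorted(anchors), verify_chain(CHAIN, anchors))
```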