Bug#514807: Regression in libgnutls security update

Simon Josefsson simon at josefsson.org
Thu Feb 12 09:32:07 UTC 2009

Florian Weimer <fw at deneb.enyo.de> writes:

> * Simon Josefsson:
>> What can be done here is to produce better documentation, perhaps in
>> release notes.  People must be aware that trusting X.509 certificate
>> chains containing RSA-MD5 signatures or V1 CAs is insecure.
> I think it is somewhat debatable if this also applies to the root CA
> container, where the X.509 structure is just use as a transport for
> key material.  The RSA-MD5 signature does not hurt there

Agreed.  That is how GnuTLS works now; it doesn't validate signatures in
trusted CA certificates.

> and the DN doesn't really matter, either.

The SubjectDN of the CA needs to match the IssuerDN of the next cert in
the chain.

> The risk I see is that someone adds a v1 *server* certificate to the
> trusted list, without realizing that it will act as a *CA* certificate
> in this place.



More information about the Pkg-gnutls-maint mailing list